Following an Avast scan of my network I received an alert telling me the Broadcom X1 is insecure, see following
"This device has open ports facing the internet.
Open ports reachable from the Internet ::7547
Close the open ports in this device's setting."
I believe the Broadcom X1 device is related to, or part of the, BT Hub 6 router.
Being none technical I am asking;
Does this port need closing?
Can it be closed?
Will this interfere with the normal functioning of the Hub 6?
If it needs to be closed how do I do it?
I would point out this router has been in use for a number of years and as far as I know there have been no security issue during this time
Any info' appreciated
Solved! Go to Solution.
Its the port used by BT for remotely updating the firmware on the home hubs.
There is an old thread here that might be of interest.
I have the same question. Also using Avast and tonight as I come home from work, Avast did report that my BT Home Hub is not secure because port 7547 is open to the internet and it is a remote access port, so hackers could potentially spy on me and steal my data. Until today I never had any security problem with this Home Hub.
I did read all the old threads from 2016 to 2018. In this thread there are some useful information: https://community.bt.com/t5/Archive-Staging/Router-security-problem/td-p/1736037/page/2
@SeanD (the community manager) reply was, "We have investigated the concerns raised and we can confirm that the port in question (7547) is designed to be open on the Home Hub as part of its normal operation."
Further down in the thread @qdex has also confirmed: "the person I spoke to said BT had debated internally whether or not to leave port 7547 open to the internet. They had taken the decision to leave it open for 'operational reasons"
However, on page 3 @DerekSurrey claim that: "I called BT and they assured me it is only open for a short period whilst firmware updates are taking place"
So to summarise, it is normal for this port to be open. it is used by BT to update the hub. BT may also decide to open this port and leave it open 24/7, or close it and open it only when they update the firmware. My problem with this is that, I never had any security problems before, Avast never reported this port being open so I would like to be certain what is happening. Is it just a firmware update, did BT decided after years to open it today and leave it open? or was it open all along only Avast didn't picked up? Is my network secure? @SeanD could you please confirm one more time if this port being open is normal and we can ignore it? Or a confirmation from anyone from BT would be nice. Also, in case it is open only to update the firmware and then should be closed, how long the update should last? Hours or days maybe?
Thanks.
Thanks to all who respnded to my question. The answers set my mind at rest. As non computer techie these alerts can be a little disturbing. As the open port is used for updates 88t could have caused problems had it been closed as recommended by Avast. Good to know there's somewhere to turn to to check these things out before acting.
Thanks again everyone
Hi Everyone,
Sorry for the delay in getting back to you on this. I have spoken with our hub team in relation to port 7547.
I can confirm that port 7547 is currently open and will remain so indefinitely. Avast reporting that this port is open does not make it unsafe, this port is well protected within the code. All hubs operate in this way and have done since birth and the port number varies depending on the hub type.
I cant offer you any insight as to why Avast is now reporting this as a security risk.
Cheers
Sean
@SeanDwrote:Avast reporting that this port is open does not make it unsafe, this port is well protected within the code....
I cant offer you any insight as to why Avast is now reporting this as a security risk.
Cheers
Sean
Hi @SeanD . Thank you for the confirmation. We have also received an explanation from Avast regarding why is their AV product report that it is a security risk. After checking the logs, they told the port is visible from the internet and their backend scanner was able to successfully connect to port 7547 on the Internet-facing IPv4 address and received an actual response from the service running on the port.
"data" : "",
"headers" :
[
"Server: gSOAP/2.7",
"Content-Length: 0",
"Connection: close"
],
"port" : 7547
They told it is a large attack surface and potentially allow hackers to exploit vulnerabilities in the code protecting the port. They recommend to filter the port from public internet access.
Could you please confirm that for the last time, the fact the port is visible on the internet and Avast was able to connect and get the above response from the port is part of the normal operation and it is secure?
Thank you.
Hi @zigi,
Thanks for the post and sorry for the delay in getting back to you.
I have doubled checked this again with our hub team, and provided them with a copy of your post, outlining the info that Avast has supplied to you.
They have confirmed that we don't have any concerns with the security of this port as it is well protected within the code. We would advise against blocking this port because your hub would not be able to receive any updates from BT so you will miss out on firmware updates.
I hope this info helps put your mind at ease.
Cheers
Sean
Thanks SeanD
Much obliged to you and everyone else who has responded. Seems pretty clear the router is secure.
Cheers
Cruso