Hi all. Some know me here because I worked out how to unlock the Home Hub 1.5 and 2 so that they can be recycled and used on non BT connections.
Some don't like me because I talk straight, which is what I am going to do now.
This is a question for the BT staff.
Would you like to explain to myself and the other good people out there in Home Hub land the reason why you have put in a back door so you can access any router with firmware version 8.1.H.J without the owner's express permission?
Before you start your denials I wish to state my case and submit my evidence.
As most Home Hub nerds will attest, this is a serious hole in the firewall which allows all traffic from the WAN interface (internet) to the LAN interface IP 192.168.1.253, which is the secondary IP address of the Home Hub.
In layman's terms, this allows BT access whenever they want and to whatever they want, does it not?
The files above have been extracted from my own 8.1.H.J firmware; please feel free to download them and examine them with text and hex file readers. Actually, I encourage you to do so.
The files on the link above are the added extra BTAgent files that you have felt would in some way benefit us by adding. They do contain access keys, which means the hole in the firewall you created in Exhibit A does have a token measure of security, but let's be honest here: what the hell are you doing in my router without my permission in the first place?
I am no Linux expert by any means; however, even I can see that you have added a firmware update routine as well as a writeable directory in the user-accessible flash memory and the necessary instructions for uploading and executing your own plugins (software) on the router!
With this in mind, I feel you have performed a serious breach of privacy and endangered your customers' online safety by knowingly creating flaws in your equipment's online security. This being namely the hole in the firewall mentioned in Exhibit A.
Then there is the fact you can upload and run whatever plugins you like on my or anyone else's router that you deem fit. That could be any monitoring software, click tracking, PHORM, or whatever you wish.
This I feel is in breach of trust between provider and customer as you can use anyone's router for your own purposes whenever you like and without anyone's, including the router owner's knowledge. Surely this cannot be legal?
You can argue that this is just a new update system; however, the old CWMP/ACS system worked just fine for the last goodness knows how long, and how do you explain the libplugins.so executable?
I await your reply.
Top marks for spotting this, looks well dodgy. I also await BT's explanation.
Thanks very much for posting this. We look forward to the BT reply - I have certainly found it helpful to have this information made available including the various files. Kudos to you!
Perhaps the most important post in a long time - in this or the old forum. Of course, if the Linux GPL had been adhered to both in spirit and in execution, it wouldn't be needed.
I too look forward to a very detailed and expansive explanation - and BT's full adherence to the GPL, to prevent any possibility of "misunderstanding" in the future.
"To forbid us anything is to make us have a mind for it."
-- Michel de Montaigne, Essays, 1559
Talking about GPL, I was reading something today about the government discussing open source software and the new datagov stuff and some rap over the knuckles from government about software acquisitions and the terms of the open source GPL.
I do remember the discussion months ago about the hub software and the fact that although it was based on open source software it wasn't actually adhering to the GPL license terms. Maybe that argument will come back with a vengeance as GPL terms are given increased priority by HMG - and maybe eventually - by BT?
If anyone requires a full copy of the filesystem, this can be supplied in its native squashfs format or extracted and then tar-gzipped to retain its full format. For those who solely use Windows, I can extract the filesystem but you will lose the symlinks, so the filesystem integrity could be questioned by BT in that respect.
RE: The GPL. I'd love to see BT adhere instead of the pee poor excuse they claim is adherence. Do their files compile? Do they hell! I'd like the source of the linux_appl.exe file that is the heart of this wee beastie!
I'll be watching this space for updates.
First they tried Phorm, now this.
It's BT's constant buggering about with things that lets them down.
(I have just learnt about IP profiles...)
This is deeply disturbing, and recalls the recent thread on the old Beta BTVision forums that suggests a similar backdoor manipulation of the BTVision box, allowing viewing behaviour to be monitored and intrusive and disruptive targeted adverts to be shown; that thread had nearly 3000 views in a week!
I have started a Privacy and Security thread to suggest that matters of this nature are aired in one location, so if you, psiDOC, or anyone else agrees, feel free to pop over there and add your support for the idea.
Whoops! You can't post in the Privacy and security thread any more - it's now locked so is read-only and any peer-to-peer discussion is impossible.