cancel
Showing results for 
Search instead for 
Did you mean: 
KRD
Newbie
4,584 Views
Message 1 of 34

Router security problem

Wordfence are a provider of security tools for the popular Wordpress CMS. They routinely analyse online threats to Wordpress-based websites and publish their findings to their user community.

 

Recently, they posted an alert about the large global population of domestic routers that have a vulnerability which enables hackers to:

 

  1. Use this distrbuted resource for automated attacks
  2. Gain access to a router user's private network

Their analysis has found thousands of routers worldwide being used for (1) so this is a real threat, not a theoretical one.

 

In response to a user request they have provided a tool that tests one's router for port 7547 being open or is running a vulnerable version of RomPager. My Home Hub failed this test, so it's reasonable to assume that everybody else's will too.

 

The seriousness of this hardly needs emphasising so I raise the alert on this forum in the expectation that BT, as a responsible ISP, will take urgent and effective action to protect not only its customers but the global internet user community.

 

I understand that this port enables ISPs to download and install firmware updates, so the solution would appear to be the establishment of a secure protocol to enable encrypted communication while blocking 7547 from public access. Apparently there is already malware that installs itself on the router and then closes the port behind itself. You have to admire the ingenuity!

 

Over to you BT. You should find Wordfence very supportive in helping you address this problem.

33 REPLIES 33
Distinguished Sage
Distinguished Sage
4,576 Views
Message 2 of 34

Re: Router security problem

Contrary to your statement "My Home Hub failed this test, so it's reasonable to assume that everybody else's will too".

 

Having used a few different "Port Checking" websites and checked the port on a couple of Homehubs I found that the port was closed on them.

 

 

 

 

0 Ratings
Reply
Liam_
Expert
4,553 Views
Message 3 of 34

Re: Router security problem

@KRD

 

During the December router attack there were no instances of BT Hubs being involved.  I'm not a fan of Hubs but they seemed to weather that particular storm intact.  The port may not be stealthed but no instances of Hubs being recruited have been established.

A little info here:

http://www.bbc.co.uk/news/technology-38167453

 

So no reason to be concerned or cause panic with less knowledgeable users.

0 Ratings
Reply
Thursday
Newbie
4,520 Views
Message 4 of 34

Re: Router security problem

KRD - I'm in the same boat and agree they should be fixing this right away. It's totally irresponsible not to act. 

KRD
Newbie
4,517 Views
Message 5 of 34

Re: Router security problem

It was not my intention to cause a panic! I raised the issue over the telephone with BT Tech Support who advised me to post the issue to this forum. So I provided as full information as I have.

My reported failure of the Wordfence security test may be a false positive or it may have revealed a problem that needs fixing. either way, I would expect BT to come back to this forum with an authoritative response to put all our minds at rest.

rebelhel
Newbie
4,498 Views
Message 6 of 34

Re: Router security problem

I am grateful to you for posting this here, as I have also recieved the same update from Wordfence, and having tested my BT home hub, it also shows that the router has port 7547 open and may be vulnerable.

 

Here is the advice from wordfence:

 

'What to do with the results

If you are vulnerable, we recommend that you:

  • Immediately reboot your home router. This may flush any malware from your home router.
  • Upgrade your router firmware if you can to the newest version. Close port 7547 in your router config if you are able to. (Many routers don’t allow this)
  • If you can’t upgrade your own firmware, immediately call your ISP and let them know you have a serious security vulnerability in your home router and you need help fixing it. You can point them to this blog post (https://www.wordfence.com/blog/2017/04/check-your-router/) for more information. Let them know that your router has a vulnerability on port 7547 in “Allegro RomPager” that can allow an attacker to access your home network and launch attacks from your router on others.
  • Run a virus scan on all your home workstations.
  • Update all home workstations and devices to the newest versions of operating system and applications or apps.
  • Update any firmware on home devices where needed.

If you are not vulnerable, but port 7547 is open on your router, we recommend that you:

  • Reboot your home router immediately. You may suffer from other port 7547 vulnerabilities.
  • Upgrade your router firmware if you can.
  • Close port 7547 on your router if you can. (Many routers don’t allow this)
  • Contact your ISP and let them know that port 7547 on your home router is accessible from the public internet. Let them know that port 7547 is used by your ISP to manage the router. It should not be publicly available. Suggest that they filter access to that port to prevent anyone on the public internet accessing it.'

    I hope that BT addresses this before it becomes a major issue for them that would impact on their reputation. Looking forward to a response and positive action.
Liam_
Expert
4,480 Views
Message 7 of 34

Re: Router security problem

Have you guys got any software installed that uses some form of Licence Management?  That could be the reason for the oddity with your port.

0 Ratings
Reply
Highlighted
qdex
Aspiring Contributor
4,436 Views
Message 8 of 34

Re: Router security problem

I also received the alert from Wordfence and ran their test indicating my router was vunerable.

 

It also alerted me to the fact the router's call home feature to update the firmware wasn't working, so my firmware was 9 months out of date.  I had to factory reset my router several times this morning to force an update. This was extermely concerning.

 

Once the update was installed, my router got the all clear and the port was closed.... for about 20 minutes... when it once again became vunerable.

 

It should be very simple for BT to block internet access to this port via a simple corporate firewall rule

 

The port is used to communicate using TR-069, a technical specification for remote management of end-user devices. It should only be open between the ISP and the remote device.  This is basic network security.

 

To quote the wordfence blog...

Your ISP should not allow someone from the public internet to connect to your router’s port 7547. Only your ISP should be able to access this port to manage your home router.

 

No reason to be concerned or cause panic?  I disagree. Just because the router hasn't been hacked yet doesn't mean that it wont be.  BT should take immediate action now to protect it's customers from a very real threat.

 

We should all be extermely concerned that BT are not doing anything about this.

Tags (2)
0 Ratings
Reply
KeeffromLondon
Beginner
4,425 Views
Message 9 of 34

Re: Router security problem

My SmartHub has 7547 open too. This a home installation and not we are not running anything like licensing software.

 

 

There are a lot of TR69 ConnectionRequest Failed entries in the log.... 

 

0 Ratings
Reply
crashcourse
Beginner
4,409 Views
Message 10 of 34

Re: Router security problem

I've put in several calls to BT today regarding this, but ended up bouncing from one support team to another, occasionaly being referred to the paid subscription 'Tech Experts' service, which I keep refusing to accept as a solution. I've been told to call 0808 100 4332 tomorrow, but I'm a little skeptical.

 

Any BT security engineers able to shine any light on this?