All Sections

Big 4 ISPs say their routers are safe from SHELLSHOCK hack attacks

BT, Virgin Media, Sky Broadband and TalkTalk have reassured customers their routers are not open to Shellshock attacks that allow hackers to take control.

The Shellshock hack only affects systems using the Bash interface (shell) and includes devices such as smartphones, tablets and routers, as well as Mac OS X computers, and can allow hackers to wipe systems or turning them into a controller to cause damage to other devices.

However, the four ISPs revealed their routers would not be vulnerable to attacks, neither would any router using BusyBox, which is an alternative Linux-based interface to Bash.

Routers including the BT Home Hub cannot be hacked using Shellshock
Routers including the BT Home Hub cannot be hacked using Shellshock

BT told telecoms industry blog ISPreview.co.uk: “At this time we do not believe that BT Home Hubs, BT Vision and YouView boxes are vulnerable. We are however conducting a thorough review of our estate, and continue to monitor the situation.”

While Virgin Media said: “We can confirm that all versions of the Super Hub supplied by Virgin Media have been tested and are not vulnerable to the Shellshock/Bash bug,” and Sky reassured customers that there are no issues with its routers.

TalkTalk was the final of the big four ISPs to release a statement about the Shellshock exploit: “Although our routers are not affected, customers should ensure they are protecting themselves if they are running web servers.

“Customers can get general advice on protecting themselves by visiting help.talktalk.co.uk. Our customers using other routers should seek advice from their manufacturers.”

Hacking vulnerabilities in retail router products made by Asus, Belkin, Netgear and Trendnet were exposed at this summer’s DefCon 22 security conference, while security researcher Eloi Vanderbeken found flaws in Cisco, Linksys, and Netgear routers, and in January EE was forced to update its BrightBox router after a customer found it was easily opened up to malicious use.

Comments