Cross-site scripting (XSS) security problem hits broadband routers

04 September 2009

The problem of cross-site scripting (XSS) security flaws - which have affected hundreds of websites this year - has spread to broadband routers, as a security researcher claims that the Thomson wireless box III supplied by O2 leaves internet users "wide open" to the issue.

O2, a mobile phone company that is also carving out a name for itself as a broadband supplier following its acquisition of Be Internet two years ago, has confirmed it is looking at the XSS security problem. The issue was raised by a researcher, who is also one of its customers, saying he had spotted a design flaw.

Paul Mutton, a British security researcher and renter of the O2 Wireless Box III, claimed in his blog that he had revealed a vulnerability in the router which could potentially leave the device wide open to XSS forgery attacks.

He also suggested hackers would be able to view and change settings on the customer's modem and even steal the router's wireless encryption key due to the XSS security flaw, even if the user had enabled a WPA2 setting.

The routers, which are customised versions of the Thomson TG585n, are also used by other service providers, Infosecurity notes.

O2 is unusual, however, in 'hard coding' the routers to allow them to work out of the box when the user plugs the unit into the phone socket.

The ISP said it is taking the potential XSS security problem very seriously and is working with Thomson on a possible fix.
