The researcher who discovered that the customer routers of British ISP TalkTalk were under attack has found that the problems didn’t end there. Pen Test Partners’ Ken Munro says that not only were tens of thousands of routers attacked with the Mirai worm, but they were also made to disclose their SSID (commonly known as the Network Name) and WiFi password to the attackers.
A TalkTalk spokeswoman downplayed the situation and rejected the suggestion that all the affected routers should be replaced. She said:
“We continue to take steps to review any potential impacts and have deployed a variety of solutions to ensure customers’ routers remain safe.
“We have also employed additional network-level controls to further protect our customers.”
The dangers that customers are exposed to because of this problem are entirely local. Hackers halfway around the world cannot take advantage of this vulnerability, but someone sitting outside the house can potentially access the network without authorization and steal private information or create additional havoc.
This puts TalkTalk in an uncomfortable position. They cannot automatically update the passwords on their customers’ devices. They can send out instructions and explain to their customers why changing the password is so important. However, we know from experience that few people will do this properly. The only other option to ensure their customers’ safety is to replace all the affected routers, which would be very expensive.
This unfortunately creates an intractable situation that will never really have a good resolution. ISPs must learn from this situation and have a plan in place for when the inevitable attack on their customers’ routers occurs.