O2 Home Broadband – a security update

scoopex

scoopex

scoopex

Associate
Joined
15 Nov 2002
Posts
1,816
Just got this email in from 02.

We’ve been told about a security problem that could affect your O2 Wireless Box.

The problem could let people change your router settings, which could change how it works.

What we'll do

We’ll set up a password automatically to protect the settings on your O2 Wireless Box. You don’t need to call us to do anything. You’ll only need it if you want to change the settings. (In most cases, you’ll probably never need it.)

The password will be the 11 digit alphanumeric serial number on the bottom of the O2 Wireless Box. The serial number has an “SN “in front of it e.g. “CP0749JTAM3” and a 2 digit code in brackets after it. Here’s how to change it(If you would like to)

Nothing else changes

We won’t change any other settings on your O2 Wireless Box. (The password you use to connect wirelessly to your O2 Wireless Box will stay the same.)

We apologise for the inconvenience, and we’ll do everything we can to keep the disruption to a minimum.

Kind regards,

O2 Broadband Team
 
Ah so thats why i cant log into my box anymore.

Odd that ive not had the email yet.

Im slightly concerned with the fact that they are remotely fiddling with my router, surely i should be consulted first?
 
AtreuS said:
Im slightly concerned with the fact that they are remotely fiddling with my router, surely i should be consulted first?
Click to expand...

but it's not your router. it's only on loan to you whilst you're a customer.

you can use telnet to delete the admin/system accounts if you want to stop them tampering though. :p

it would have been nice to have been notified before they did the changes though. i only received the email today but i believe they were changing passwords from last friday onwards.
 
Last edited:
Hhmmm they still have not changed it on mine yet?, well I have not tried mine today I will see if it has changed when I get home later.

Liam
 
They have done this for all Be customers too, same service and box I suppose.

They sent out three emails in total...

The actual reason is apparantly this, according to the last email sent:

The BE (o2) Box is vulnerable to an XSS (cross-site scripting) combined with a CRSF (cross-site request forgery) that allows a remote attacker to perform actions on the Web UI (user interface), via the use of JavaScript – and without the user’s knowledge or consent.
 
I have DGN2000 but its not playing nice with the 02 service.

All the setting are fine and it does work for a week or so then it slows right down and its like using dial up. Resetting the router has no effect, and swapping back to the o2 one results in normal speeds again.

Im still trying to figure out why. Im currently testing the netgear on my sisters broadband and so far its been fine.
 
Last edited:
Thanks to o2/Be for letting everyone know about this........no emails to me either - I thought it was just me being stupid when I tried to access my router yesterday!
 
AtreuS said:
I have DGN2000 but its not playing nice with the 02 service.

All the setting are fine and it does work for a week or so then it slows right down and its like using dial up. Resetting the router has no effect, and swapping back to the o2 one results in normal speeds again.

Im still trying to figure out why. Im currently testing the netgear on my sisters broadband and so far its been fine.
Click to expand...

Using the DGN2000 here but had no problems at all.
I used this link to configure it dont know if it will help.
http://www.o2user.co.uk/forum/o2-broadband-tutorial-section/673-how-use-your-own-router-o2-broadband.html
 
Just noticed today also before I switched to my new Netgear DGN2000 that they have done the security update to our O2 Wireless Box II router too.

Liam
 
You must log in or register to reply here.
Back
Top Bottom