A years-old vulnerability continues to menace the security of some home Wi-Fi networks in the UK.
The WPS feature in TalkTalk's Super Router can be compromised to steal the gateway's wireless network password, according to folks at software development house IndigoFuzz. The British ISP and telco was warned of the shortcoming in 2014, but seemingly nothing has been done about it.
According to IndigoFuzz's advisory on Monday, the routers provide a WPS pairing option that is always turned on. Because that WPS connection is insecure, an attacker within range can exploit it using readily available hacking tools, and thus extract the router's Wi-Fi password.
In other words, if you're near a TalkTalk Super Router, you can probe it for the Wi-Fi password via the wonky WPS feature, and hop onto the wireless network.
"This method has proven successful on multiple TalkTalk Super Routers belonging to consenting parties which is enough to suggest that this vulnerability affects all TalkTalk Super Routers of this particular model/version," the IndigoFuzz team explained.
"TalkTalk have been notified of this vulnerability in the past and have failed to patch it many years later."
Normally, a computer security researcher discovering such a vulnerability would give the affected vendor the courtesy of at least a 30-day waiting period to develop and roll out patches or mitigations before going public with the details. In this case, however, IndigoFuzz went public immediately because TalkTalk subscribers publicly raised the alarm in 2014 that the WPS feature is insecure, and thus the ISP has had plenty of time to correct its equipment.
Researchers have, in fact, been unraveling various flaws in routers' WPS functionality all the way back to 2011, if not beyond.
Since security-bungling TalkTalk has had four years to address the matter, IndigoFuzz reckoned another 30 days won't matter much, and went ahead with the disclosure this week. "The purpose of this article is to encourage TalkTalk to immediately patch this vulnerability in order to protect their customers," the biz noted.
A spokesperson told The Register: "We're aware of the reported issue affecting some older routers that means in some rare circumstances, a third party could potentially access the gateway's wireless network password. We work closely with equipment suppliers to ensure that models that may be vulnerable are patched as part of a routine update and maintenance programme." ®