BT cheerfully admits snooping on customer LANs

BT reserves, and makes use of, the right to remotely detect all devices connected to LANs owned by its broadband customers – for their own good, of course. BT Broadband customers can expect to have their network checked any time the operator feels it needs to take a peek to help it provide the service, or when the safety of …

COMMENTS

This topic is closed for new posts.


  1. Reg Sim
    FAIL

    Phorm.

    "we don't believe that consent is necessary where the testing is necessary to the service that we are providing" - you think they might have learned? No! Well, I was never holding my breath.

    1. penguin slapper

      Consequences

      There were no consequences to them for Phorm - so they certainly did learn the lesson.

      In April 2011 the CPS decided not to prosecute as this would not be in the public interest, as neither Phorm nor BT had acted in bad faith and any penalty imposed would be nominal.

  2. nichomach
    Stop

    Don't have IP Addresses? Don't they, by George?

    I've installed a few high speed Devolo powerline kits and the adapters most certainly DID get IP addresses; indeed you could manage them via web browser, if you felt an overpowering urge to do so. I assume the boxes under discussion here are those Comtrend kits that were supplied by BT a while back; I have no direct knowledge of whether these are IP addressable or not, but certainly some manufacturers' PLT kit is.

    1. Ben Tasker

      Yeah they do

      The Comtrend ones also grab an IP for the benefit of the Web Interface.

      I also found they are incredibly easy to DDoS without using any real bandwidth yourself (3-8 min downtime from 1 request). Generally a crappy bit of kit, but definitely IP addressable.

    2. teacake

      @Don't they, by George?

      I think the specific point would be that they don't have public IP addresses and have no presence on the internet, so could only be addressed via asking the BT router to do it.

      1. Anonymous Coward
        Happy

        Yo dawg

        I herd you like security, so I put an firewall-enable-router behind your firewall-enabled-router so you can hide from teh internets while you hide from your ISP

        1. Benedict

          me titles

          memebase is over there ----->

        2. ppp.an

          the same

          Actually, this is exactly what I did.

      2. nichomach
        Happy

        Upvoted, but

        if that's what the author meant, that's what the author should have said?

    3. Graham Wilson
      Flame

      It's time we had an open-source coop ISP

      It's time we had an open-source coop ISP whose policy forbids such practices.

      That we haven't already probably means that there are too many vested interests to let it happen. It seems that every entity--from various spook agencies, governments, government departments to advertising companies--all want a piece of the action.

      That's probably why we've never had one--a single closed proprietary company is not only easier to deal with but also it's easier to secretly coerce.

  3. Anonymous Coward
    Boffin

    BT's behavior

    BT's behavior differs from Apples, exactly how?

    1. Sir Runcible Spoon
      Joke

      Sir

      "BT's behavior differs from Apples, exactly how?"

      Oranges.

    2. SuccessCase

      The answer is simple: recording customer identifying information

      Apple sharpen their database of cell tower and Wi-Fi hotspots through crowd sourcing location data and have confirmed they retain no customer identifying data (such as IMEI or any other unique to the person data). They contend they have not ever and never will use the report back mechanism to keep or retrieve a log of where the customer has been traveling. Plus the data sent back is publicly broadcast data and so cannot be said to compromise privacy (though the cache of data stored on the phone for the purpose of allowing rapid triangulation of the user's current location was a problem for anyone whose phone fell into malicious hands - and Apple have said they have fixed this weakness now). BT, on the other hand, are proving they have taken data about their customers' network kit and must be storing it against the customer record for at least as long as it has taken them to get the letters out (though as some commenters have pointed out their examination and reporting on your network may go no further than checking if the questionable power line kit has made a DHCP request of the Home Hub router). So there is a clear difference and an important line BT have crossed. Personally my concerns about Apple pale into insignificance when compared with the personally identifying data all ISPs and the mobile carriers retain. For ISPs a log of every network request (e.g. including the actual http URL requests you make) and for mobile carriers, the same plus a detailed log of everywhere you have travelled, which can be cross referenced with the http requests made whilst on the move. And all that regardless of which checkboxes you may have ticked. Scary stuff.

  4. Pascal Monett Silver badge

    "we don't believe that consent is necessary"

    Welcome to the new corporate excuse.

    I hope a judge sets them right quickly.

    1. Anonymous John

      Not a new excuse.

      Remember Phorm?

  5. Frederic Bloggs
    Flame

    Juicy new attack vector?

    And by admitting that the facility exists to scan networks behind "the firewall" (which everyone has carefully setup - right?) in one's router, you can bet that there are several blackhats now actively searching for a method to exploit it.

    Will people never learn?

    1. Tony-A
      Grenade

      OR

      Consider the possibility that the black hats have known all along and now the knowledge is not confined to just the black hats.

  6. Jonathon Green
    Boffin

    Title? We don' need no steenkin' title...

    "PLT devices don't have IP addresses..."

    You sure about this? I'm pretty sure my (BT supplied) Commtrend units have a web configuration interface accessed via an IP address...

    --

    JG

  7. Anonymous Coward
    Flame

    Advertising

    Next up of course will be the targeted advertising for life insurance cover, courtesy of Phorm PLC.

  8. MJI Silver badge

    Had the letter as well

    The new adaptors had already been sold as well after waiting a month.

    BT Vision box is on an Ethernet lead to the hub.

  9. fLaMePrOoF
    Unhappy

    Title..........

    And we're supposed to believe that BT won't use this capability to gather commercial statistics from their customer base?

    After all, they do have previous phorm in this area...

    1. Asgard
      Big Brother

      @"After all, they do have previous phorm in this area"

      This kind of phorm spying is definitely increasing and it's not just BT. I was shocked by the recent super injunction Barbra Streisand effect story, when one company stated that 12% of viewers of Twitter were new to viewing Twitter. So how did they do that (were they helped by ISPs)? However they did it, it means they know who has viewed Twitter (and what story) and that is more of this Phorm style spying.

      1. Ian McNee
        Headmaster

        Simples: at any one time roughly 12% of the population are twats...

        ...and therefore at some point there is a very good chance that they will begin to use Twitter.

        Not that *THEY* aren't watching you...

        <evil_laughter>

  10. Sir Runcible Spoon

    Sir

    Assuming at least some of these customers have changed their admin password - this kind of implies that they have a back-door into the BT homehubs, yes? If that's the case then anyone using a BT homehub on another provider's network is also vulnerable.

    I'd like to know for sure exactly how they obtained access to the local device in order to scan the LAN. I don't see how they would be able to do this if the customer had an adsl router/modem from another provider, but lack of detailed information doesn't mean they can't - those boys at Martlesham shouldn't be underestimated.

    1. Anonymous Coward
      Big Brother

      BT Home Hub

      I feel that this latest revelation confirms I was right to refrain from using the BT Home Hub they sent me a few years ago. I simply didn't trust BT. Even back then there was the worrying "feature" of the Home Hubs being automatically, remotely updateable by BT.

      I wouldn't be surprised if the next version of the BT Home Hub comes with a free telescreen.

      Come to think of it, is that what BT Vision is intended for? All they've got to do is include a free webcam for an exciting new videophone service...

    2. BristolBachelor Gold badge
      Unhappy

      Provided ADSL kit

      I have an ADSL router provided by my ADSL provider (non UK). I changed the Admin password pretty quickly too (user: Admin, Pass: Admin !!) as well as setting up DDNS. Unfortunately it lasted less than a week, when the Admin password was reset and DDNS turned off.

      There is a setting in the router to disable the operator back-door, but obviously that option is greyed out....

      Personally I'd prefer to use my own, but since they won't tell you any settings for it, you can't get it to connect to their network.

      1. The First Dave
        Boffin

        @BristolBachelor

        So put your own router in between their router and your network - problem solved.

        1. BristolBachelor Gold badge
          Unhappy

          @The First Dave

          "So put your own router in between their router and your network - problem solved."

          Unfortunately not. My problem isn't that they might snoop on me. My problem is that I have incoming services, and when they reset the router, it removes the settings for port forwarding (& DDNS which is needed for each time they change the IP address).

          I'm waiting for the Hylas broadband sat to become operational and see what my costs of SAT broadband would be...

      2. Ross 7

        Re: Provided ADSL kit

        BristolBatchelor - "There is a setting in the router to disable the operator back-door, but obviously that option is greyed out...."

        Depends how stupid the firmware writer has been. If they are particularly bad (and it's rather common) just use a half decent browser or a proxy that lets you modify inbound and outbound requests on the fly. Enable the option, submit it :)

      3. Anonymous Coward
        Alert

        same thing goes on

        Same sort of thing goes on over here in blighty.

        I am on Be broadband (in my opinion the best broadband provider I have ever had the pleasure to do business with) and with their own supplied router (a Thompson speedtouch) it has its own back door enabled for the customer services team to access the router. They don't say they will scan your internal LAN or ask for your agreement to it, but as the router remains their property I suppose they have the right to access it remotely. For the novice user I can see how this can be a really helpful feature when customer services can remotely re-configure the router to get them online again, but for me it was an unacceptable security risk.

        I plugged in my own router, and had a few problems configuring it; it took a little bit of googling to find the required settings but it didn't take too long to get up and running for snooping-ISP-free surfing.

        The only problem is that if I have any connectivity issues, until I plug in the speedtouch they will not go any further. That said, in the three years I have been with them now, I have not had one minute of loss of service, never had any problems with speed drops. I run a web/email server myself, the missus and the daughter all use the connection and never have a problem over heavy use !!

        1. Anonymous Coward
          Thumb Up

          Be

          '....and with their own supplied router [...] has its own back door enabled for the customer services team to access the router.'

          Just to fill in a/c's blanks:

          * Be tell you it is there.

          * Be give you detailed instructions on how to turn it off.

          That said, you should probably use your own router anyway. Not for security concerns; it is just that the speedtouch is a humongous pile of shite.....

      4. A J Stiles
        Alert

        Shocking

        In the UK, this would be illegal -- and it may also be illegal where you live. It comes under the heading of "criminal damage".

        Fortunately, you *can* repair it. Get the firmware for the "generic" version of your router from the manufacturer's website. Backup the configuration first (both ways -- save it and print out the web-based configurator pages), re-flash the firmware, restore the configuration you saved earlier and then disable all remote management now the option is there.

        1. Anonymous Coward
          Pint

          bE box....

          "Get the firmware for the "generic" version of your router from the manufacturer's website."

          The problem with this is that when the ISP source the routers and have the custom firmware installed at the factory, they tend to give the router a different version number that is unique to the ISP. When you try to install the generic firmware it fails the version check.

          I spent a week or so trying to "jailbreak" the BE supplied router (just for giggles) and decided it was not worth the hassle and carried on using my own toys.

    3. Anonymous Coward
      Pint

      Martlesham.....

      I used to work at BT subsidiary Cellnet and had the joy of heading to Martlesham Heath. It is a fantastic place and the boffins there are certainly worthy of much, much praise.

      I do recall, back in the late 90's, they were working on a working prototype of some 3D glasses, mounted to an Ericsson [now Sony Ericsson] branded Psion 5MX, to do remote diagnostics in tunnels. Hands free engineering down holes. And that was only what they would show the 'grunts' like me!!

      1. Stuart Gepp
        Joke

        I used to work there

        What's the difference between BT Martlesham Heath and Jurassic Park?

        One is a futuristic theme park filled with dinosaurs and the other one is a film.

    4. Anonymous Coward
      Anonymous Coward

      A guess

      There's a setting for Remote Access buried within the hub. Not at home to check whether activating it is a one-time thing or if it times out, but may be related to that.

      I'll certainly be setting a port scan running later (long as the neighbours let me use their wireless!)

      I'm in a wind-up mood today so I've emailed BT to ask whether they mind me trying to access their Vision on Demand for free as it's 'necessary testing' to decide whether I want to pay for a film or not. Hoping the guy on the other end has a sense of humour or I'll be getting a knock on the door

    5. Peter Gathercole Silver badge

      No it doesn't

      PLT devices have discovery protocols (by what looks like a periodic broadcast) so they can see each other. Chances are they also use UPnP and are probably visible to the HomeHub. That's the beauty^H^H^H^H^H^H danger of UPnP.

      Even if they do not use UPnP, BT can probably make a reasonable guess about whether such devices are on the net by sampling the packets on the net, and looking at the first six octets of the MAC address that identify the vendor of the device.

      My PLTs are Intellon based, and come with a (Windows) utility that allows you to set the encryption key. Not only does the utility find the devices, but also can tell you how fast they are operating, so there must also be some other magic under the covers. I have a Linux utility in source, so I'll have a look at how it works.

      Still, I have a Linux based firewall (really, separate from any of the comms kit - Smoothwall as you ask) between my ADSL router and the rest of my network (yes, yes, I know that there is a risk that the PLT escapes onto the wider electricity network, but that's why I set my own key), but it means that my ISP cannot probe my network.

      1. Sir Runcible Spoon

        Sir

        "by sampling the packets on the net, and looking at the first six octets of the MAC address"

        The MAC address doesn't leave the local link, so it* won't be visible in packets leaving the router towards the ISP.**

        *They _will_ see the MAC address of the router's external interface of course, but not anything on the inside of the router.

        **Unless you are running IPv6 and the MAC address is incorporated into the IPv6 address - and this still isn't the MAC address, it's an IPv6 address.

        MAC addresses are only visible within the broadcast domain they sit in (unless someone has set up a transparent bridge or snooping interface).

        1. Peter Gathercole Silver badge
          FAIL

          @Sir Runcible Spoon

          But the BT HomeHub router is on the local network, and so a judicious bit of logging code in the router allows such things to be captured. Remember, a router may do much more than routing, especially if you (or in this case BT) has control of the firmware. I'm sorry for the icon, but I'm not the one being stupid here.
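Worked as an added example (not code from anyone in this thread): the point above is that a router sitting on the LAN already holds every local MAC address in its DHCP lease table, so classifying devices by vendor prefix needs no traffic to leave the link. The lease lines, the OUI table and its vendor names are all constructed placeholders, and the vendor prefix (OUI) used is the first three octets, i.e. the first six hex digits of the address. This is the kind of audit a practitioner can run against their own router's lease file to see what an ISP-controlled router could report.

```python
import re
from dataclasses import dataclass

# Constructed sample in dnsmasq's leases-file layout:
# expiry-epoch  MAC  IP  hostname  client-id.  Not real devices.
SAMPLE_LEASES = """\
1304000000 00:11:22:33:44:55 192.168.1.10 laptop 01:00:11:22:33:44:55
1304000100 00-aa-bb-cc-dd-ee 192.168.1.11 * *
1304000200 0099.8877.6655 192.168.1.12 plt-adapter *
1304000300 0211.2233.4455 192.168.1.13 phone *
"""

# Hypothetical OUI -> vendor table (placeholder prefixes, not IEEE data).
OUI_TABLE = {"00:11:22": "ExampleVendor", "00:aa:bb": "OtherVendor"}

LOCALLY_ADMINISTERED = "locally administered (randomised, no vendor lookup)"


@dataclass
class Lease:
    mac: str
    ip: str
    hostname: str
    vendor: str


def normalise_mac(raw: str) -> str:
    """Accept colon, dash or Cisco dotted notation; return aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def oui(mac: str) -> str:
    """Vendor prefix: the first three octets of a normalised MAC."""
    return mac[:8]


def is_locally_administered(mac: str) -> bool:
    """Bit 1 of the first octet set means no vendor assignment applies."""
    return int(mac[:2], 16) & 0x02 != 0


def parse_leases(text: str, oui_table: dict) -> list:
    """Turn lease lines into Lease records with a vendor classification."""
    leases = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or malformed lines
        mac = normalise_mac(parts[1])
        if is_locally_administered(mac):
            vendor = LOCALLY_ADMINISTERED
        else:
            vendor = oui_table.get(oui(mac), "unknown")
        leases.append(Lease(mac, parts[2], parts[3], vendor))
    return leases


def vendor_summary(leases: list) -> dict:
    """Count devices per vendor classification."""
    counts: dict = {}
    for lease in leases:
        counts[lease.vendor] = counts.get(lease.vendor, 0) + 1
    return counts


def find_by_vendor(leases: list, vendor: str) -> list:
    """Every lease whose OUI resolved to the given vendor."""
    return [lease for lease in leases if lease.vendor == vendor]
```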

  11. Mark 65

    Which is why

    It's best to bring your own toys to the party - most of the ISP supplied hardware is shit, restricted, or both.

  12. Mike Hunt 1
    Black Helicopters

    BT - They're watching.....

    We ditched our BT Hub as, despite having the wireless switched off, it was still offering itself to the ether for BT wireless customers.

    Then, to just remind us of their omni-presence, they injected a message into our system to appear on any browsers, reminding us that there was an outstanding bill that needed paying on our account.

    Thanks BT - anything else you need to tell us?

    If you can read this then it got through their filtering / censorship systems !!

    1. Anonymous Coward
      Flame

      steaming great elephant ....

      Would this be the 'Pay us by direct debit or we bugger up your connection every three months' screen?

      The one they serve up ONCE to any device trying to get to the net (and in my case has been served to non computing devices)

      The one where they have helpfully blocked ALL the options to get rid of it bar a button that has been known to take hours to work?

      The one BT business deny exists?

  13. The Guv
    Grenade

    Purely speculation and quite poor journalism.

    BT take action to ensure customers are ok.

    BT send out replacement kit (nice move).

    BT check to see if new kit is used.

    BT write to some customers urging them to use new kit (I know this as I got a letter).

    El Reg posts speculative/negative story.

    Given that the Hubs have a remote management control system to deal with firmware updates etc - then BT would have a list of customers to check. It wouldn't make sense to scour the entire customer base - just those in the BT Vision customer base which at the time they sent out the old adapters was around the 200-300k level.

    I dare say if BT wanted to make checks they could but if it got out that they were snooping then the PR would be very bad. I think they learned their lesson after the hit they took for Phorm.

    When I read this I just thought it smacked of an easy target rather than someone investigating what was sent/what BT's policy is.

    1. Fuh Quit
      Thumb Down

      BT should allow the customer to reserve the right

      to electrocute themselves.

      Get orf my network!

      Actually, last time I had DSL, I double-NATted. It's the only way to fly!

      1. Anonymous Coward
        Happy

        that should be...

        Ger orf my LAAAN

    2. Anonymous Coward
      Alien

      Re: Purely speculation and quite poor journalism

      Agreed. And now expect the flood of downvotes from the tinfoil hat brigade...

      Let's not credit BT with too much ability here. I have a BT Hub, and I am using the new Powerline adapters, and yet I got the letter saying I'm not! So their amazing snooping system doesn't actually work, if it exists at all.

  14. the idiotuk

    Virgin Media too!

    To my surprise, after upgrading to the 100mb service and having a few initial problems, they did a remote scan of my network. They told me the speed of the LAN port of my PC and the speed of the wireless connection. I had just changed the router password so assumed it was secure from probing. I was so surprised I let this go at the time. Maybe I'll follow this up with them now.

    1. Anonymous Coward
      Anonymous Coward

      A long while ago...

      ...I was trying to send an email to someone on an Australian ISP. The AU ISP unfortunately had signed up to some spam-prevention measure that had blocked Blue Yonder (now Virgin Media) because of the prevalence of open SMTP proxies on their network. So, I sent an email to Blue Yonder rather cheekily asking "so do I get a support ticket for this?"

      Oh hell yes I did. Priority one. Over 500,000 customers affected apparently. BY then set a machine to constantly scan everyone on popular SMTP proxy ports, with the upshot being that if you were running an open SMTP or web proxy you got booted off until you phoned them up and begged them to have your connection back. I would guess this is an enhanced form of the same thing?

      AC because I don't want to be besieged by irate geeks.

      1. Anomalous Cowherd Silver badge

        Fantastic

        Enhanced form? Hell no, I wish more ISPs would do what Blue Yonder did, and I've no problem with someone remote port scanning my home network - black hats do it all the time.

        This one is different however - it's not a remote port scan (initiable by anyone) but somehow they've hopped over the router and scanned the internal network. That implies a back door, and *that* is a bad thing.

    2. The Fuzzy Wotnot
      Pint

      One reason I will not upgrade from the 10MB on VM

      If you upgrade above 10MB you have to take their nasty little new locked box of tricks, modem cum router. I am happy with their modem at the front and my kit from there on in, two hacked Linksys routers running DD-WRT firmware. I know what's coming and going from my pipe thank you VM.
