TalkTalk Suffer another Major Hack

TalkTalk are still in the process of repairing their brand after a major hack in 2015 meant that around 157,000 customers were in danger of having their personal details stolen. Poorly handled and originally covered up, that hack led to a spate of customers leaving the company and an expensive compensation package being offered to customers by way of an apology.

In the year since, TalkTalk have revamped their brand, simplifying their advertising and pricing policy and vowing that nothing like that hack would happen again.

Unfortunately though, that’s exactly what’s happened. Although not similar to the database hack that TalkTalk suffered in 2015, this is yet another high-profile failure on TalkTalk’s behalf to secure their consumer facing systems.

So what’s this new hack about?

Well, it relates to TalkTalk’s D-Link DSL-3780 routers, which have been hit with a form of malware called the Mirai worm. Spread via hijacked computers, it causes damage to equipment powered by Linux based operating systems.

At the time, TalkTalk said that the hack shouldn’t have done too much damage, and simply restarting your box would update it to the latest software and solve the problem. However, experts have now warned the damage could be much greater.

Research has shown that the attack that blocked internet access would have also been able to steal Wi-Fi passwords, as well as let attackers pinpoint where the equipment was being used, making more targeted hacking possible.

Routers replaced?

Pen Test Partners carried out the research, and they’re strongly suggesting that the thousands of affected routers are replaced. However, TalkTalk say they’ve seen no evidence to confirm the thefts.

“As is widely known, the Mirai worm is affecting many ISPs [internet service providers] around the world and it has affected a small number of TalkTalk customers,” a spokeswoman said.

“We continue to take steps to review any potential impacts and have deployed a variety of solutions to ensure customers’ routers remain safe.

“We have also employed additional network-level controls to further protect our customers.”

Mr Munro obtained an affected router in order to study the attack, and found that the router was attacked by a variant of the Mirai worm called TR-06FAIL and that a follow up attack with the same malware caused the router to reveal the SSID and Wi-Fi password.

As a result, even after subscribers restarted their box their routers could remain at risk.

Mr Munro explained: “Most consumers never change the Wi-Fi keys written on the back of their router, so the fix didn’t actually fix the problem,”

“Once an attacker has got the Wi-Fi key, if they go near to the house they can get nearly everything from their home network.

“TalkTalk should seriously consider replacing customer routers immediately unless it can prove they haven’t been compromised.”

Customers shouldn’t be worried about encrypted activities like banking, but emails might be susceptible to attacks. Mr Munro said that the recall would affect up to 55,000 routers, though TalkTalk’s spokeswoman said it firmly disputed that number, saying that the amount of numbers affected was “nothing in that order of magnitude”

“Our security team does not believe there is any greater risk that a customer’s Wi-Fi can be used or accessed without their permission as a result of this,” she added.

“Astonishing advice”

Meanwhile, TalkTalk have suggested that there’s no need for users to change their routers settings. That advice has been called “astonishing” by a cyber-security advisor to Europol.

“If TalkTalk has evidence that significant numbers of passwords are out in the wild, then at the very least they should be advising their customers to change their passwords,” said the University of Surrey’s Prof Alan Woodward.

“To say they see no need to do so is, frankly, astonishing.”

A spokeswoman for TalkTalk responded by saying that customers can change their passwords “if they wish”, but that the company believed that there was “no risk to their personal information”.

So, should you change your password? In our mind, absolutely yes. It’ll avoid calls to the TalkTalk contact number down the line at the very least. It could also help protect your safety online, and that’s more than worth the minor inconvenience.