Internet security update: BT to fix Heartbleed-affected hubs as first hacker arrest is made

As websites struggle to fix the Heartbleed security flaw, a teenager was arrested in Canada for accessing 900 social security numbers.

By Dave Lancaster |

11:42 17 April 2014

When the Heartbleed internet security bug struck last week, it sent thousands of websites and companies into a panic as they patched their security up. 

 

Now BT has confirmed that they are fixing affected home broadband hubs as a precaution.

 

"BT customers needn’t worry about this," the company said in a statement. "The risk is extremely low. It’s not possible for a hacker to gain access to your Home Hub unless they physically connect a cable to it inside your home or they have found out your Wi-Fi password.

 

"Even this would not give them access to your data, or allow them to make any changes to your Home Hub. We take internet security very seriously so despite this we will issuing a software patch for the affected Home Hubs."

 

Meanwhile, Netgear - the maker of the routers for Sky Broadband and other providers - told the Guardian that their devices are immune because they don't adopt the affected SSL encryption at all. 

 

A spokeswoman said: "We are aware of this Heartbleed bug and we have checked it with our engineers. Our home devices such as routers are not affected by it because our routers are all using http locally. Netgear can confirm no vulnerabilities to the Heartbleed bug have been found in our routers."

 

Less fortunate was Mumsnet, one of the few sites to acknowledge taking a bad hit after hackers targeted the site after exploiting the flaws highlighted in the Heartbleed bug. 

 

The parenting website has 1.5 million registered users. In an email to members, Mumsnet said: “We have no way of knowing which Mumsnetters were affected by this. The worst-case scenario is that the data of every Mumsnet user account was accessed.

 

“It is possible that this information could then have been used to log in as you and give access to your posting history, your personal messages and your personal profile, although we should say that we have seen no evidence of anyone’s account being used for anything other than to flag up the security breach, thus far.”

 

Its customers were urged to change their passwords. 

 

 

 

 

 

What you need to know about the Heartbleed internet password bug

 

The Guardian also revealed that millions of Android smartphones could be affected. Indeed, Google made their own announcement advising that any device running a specific version of its Jelly Bean software would be vulnerable. This alone could affect 50m devices worldwide. 

 

The news comes as Stephen Arthuro Solis-Reyes of London (Canada, not England) was officially charged with ”unauthorized use of a computer” and “mischief in relation to data” after he allegedly hacked the personal data of 900 Candadians, exposing their social security details. 

 

It is thought that flaws highlighted in the Heartbleed bug enabled him to successfully hack into the government body's site data. Solis-Reyes apparently accessed the server in the hours between when the Heartbleed bug went public and the Canadian Revenue Agency patched their servers. 

 

The Heartbleed security flaw went undetected for years, affectively granting anyone access to data such as passwords and card details that are held behind walls of SSL encryption. The manner of the bug allows the hackers to vanish without a trace. 

 

 

 

Now's the time to read our feature on the top 25 WORST possible passwords you can choose.