TalkTalk faces new hack backlash after wi-fi attack

Just when TalkTalk chiefs thought it might – just might – be seeing the back of last year’s mass data breach, it has emerged that customers’ wi-fi passwords have been stolen following a malware attack that blocked their online access last week.
Pen Test Partners’ researcher Ken Munro said other details had also been taken that would let attackers pinpoint where the equipment was being used, making more targeted hacks possible. He reckons the company should recall at least 55,000 routers.
But a TalkTalk spokeswoman said it had not see evidence to confirm the thefts. “As is widely known, the Mirai worm is affecting many ISPs [internet service providers] around the world and it has affected a small number of TalkTalk customers,” she told the BBC.
“We continue to take steps to review any potential impacts and have deployed a variety of solutions to ensure customers’ routers remain safe. We have also employed additional network-level controls to further protect our customers.”
The issue first emerged last week following reports that TalkTalk’s D-Link DSL-3780 routers were struck by malware causing connectivity issues for customers. The firm then published advice online telling affected users to reset the equipment – which forced it to install an update to protect itself against the attack – and then “use the wireless network name and password on the back of the router” to get back online. TalkTalk had not said customers should change the password.
But having got hold of one of the routers, Munro detected that a follow-up attack involving the same malware caused the device to disclose its wi-fi password and Service Set Identifier (SSID) code.
“Most consumers never change the wi-fi keys written on the back of their router, so the fix didn’t actually fix the problem,” Munro explained. “Once an attacker has got the wi-fi key, if they go near to the house they can get nearly everything from their home network. TalkTalk should seriously consider replacing customer routers immediately unless it can prove they haven’t been compromised.”