HELLO & WELCOME

[WelshPaul]

So it turns out that customers of British Telecoms 'BT' consumer broadband service should avoid using the ISPs 'Home Hub' router for business style VoIP because of a seemingly deliberate built-in weakness that, no matter what security settings you choose on the hub, it will always leave port 5060 open.

A number of businesses have fallen foul of this security flaw (some of which were sent BT’s consumer Home Hub instead of the needed Business Hub) and in so doing have left themselves exposed to hackers who can break into connected VoIP systems.

The story is covered in much more detail over at The Register, which reveals no matter what you do(e.g. blocking all incoming ports, setting UPnP off, using 256bit passwords etc.) the standard port for VoIP (5060) will always remain open to any incoming connections and the hub will even do the NAT for you until it can find a working SIP device.

BT’s Statement

BT has investigated similar issues and concluded that there is no fault with the way BT’s Consumer Home Hubs operate to allow VoIP calls over the internet.

It’s inappropriate to connect an IP PBX to the internet without taking additional steps to secure it.

If a customer does choose to set up their own IP PBX they must ensure that it is configured securely so they do not leave themselves exposed to potentially fraudulent behaviour.

The vast majority of BT customers would never use an IP PBX in this way, so there is very little risk that other customers would experience the same issue.

[pwarbi]

Well I'm just surprised that BT have actually come out and made a statement in the first place and secondly done something about it to fix the issue (if they have)

I'm not a fan of BT as you might be able to tell, then again, I don't know many who are.

[kylerlittle]

I can see that a lot of people recently have been complaining about BT due to the speed it provides and how it is so slow even if they offer high internet speed connection, which I don't really see, because my girlfriend has BT and she isn't liking it.

[pwarbi]

BT seem to be going through the same as what talktalk did a while ago. Every story that comes out is about how bad their service is.

I'm not saying that stories such as this are going to be the death of BT, but it's certainly not helping their reputation at the moment.

[Bonzer]

Firms can come up with these stories when they no longer want to invest more funds to beef up their infrastructure. They might be indicating to the customers to fend for themselves while not doing the required stuff on their end.