D
DelJo63
BT's Home Hub, issued to the company's U.K. broadband subscribers, has an authentication vulnerability that enables a Web site rigged with malicious JavaScript to initiate a phone call, according to the group, GNUCitizen.
"We can tell your Home Hub to start a voice-over-IP connection with any telephone number on the planet," said Adrian Pastor in a video posted on the group's blog.
For a successful attack, a person has to be lured to a Web site hosting the malicious JavaScript. That could be accomplished by sending a fraudulent e-mail from the person's bank saying he should click on the link, which launches the JavaScript, said researcher Petko Petkov, in the same video.
see the article details
"We can tell your Home Hub to start a voice-over-IP connection with any telephone number on the planet," said Adrian Pastor in a video posted on the group's blog.
For a successful attack, a person has to be lured to a Web site hosting the malicious JavaScript. That could be accomplished by sending a fraudulent e-mail from the person's bank saying he should click on the link, which launches the JavaScript, said researcher Petko Petkov, in the same video.
see the article details
