TalkTalk routers have been hit by a variant of the now famous Mirai worm. According to Ken Munro, one of the managing partners at Ken Test Partners, the router of TalkTalk known as D-Link DSL-3780, has been affected by a slightly new variant of Mirai worm called TR-06FAIL.
The bug has been causing problems to the routers for weeks now. According to a report published by the BBC, some routers of TalkTalk were affected by the bug as early as last week. The bug caused connectivity problems for the affected routers.
In response to the earlier attack, TalkTalk asked users to reset their devices as a way of dealing with the bug. In a statement, the company acknowledged that a form of malware had hit some of its routers and that they were monitoring the situation.
However, what many users and experts are concerned about is the frequency and extent of the attack. Reports indicate that apart from the attack that took place last week, a new attack has been discovered. Ken Munro of Ken Test Partners has said that tests indicate that a new attack has occurred.
Also, reports indicate that the new attack not only causes the routers to fail to connect to the internet but also exposes the data of users of the devices. According to Munro, the devices that have been affected by the new attack can now accidentally show sensitive information about their passwords and SSID code. The SSID code is a special type of code that is used to identify the service set of a user. On the other hand, the Wi-Fi password helps users to protect their networks against unauthorised access.
If reports that the new attack is causing TalkTalk devices to disclose their passwords and other important codes, then the company as well as users are in danger. Disclosed passwords easily compromise the security of the users. Also, when the routers expose their SSID codes, attackers can easily determine the location of every router and then launch specific attacks against vulnerable devices.
However, TalkTalk has been quick to deny the existence of a second hack. The company has said that it is yet to verify reports that some of its routers have been attacked for the second time. The company has added that if this is indeed verified to be true, it will take the necessary steps to deal with the situation effectively.
In light of these recent developments, some observers are asking the company to recall all the affected devices as the most effective way of protecting its clients. What is important to note is that TalkTalk finds it difficult to recall the affected devices at this stage because of the financial implications that such a move would have. It remains to be seen how the company will handle the crisis.