Hi Members -
We've realised that you may not have received this email that we sent out last week, if not, we're really sorry. If you did receive it, we're sorry you're getting it again, it's not another issue we promise!
We want to let you know that we've recently been informed of a security problem that could affect the BE Box, among other routers.
Essentially, the problem could allow somebody to change your router settings, and nobody wants that.
For you tech savvies, we've included more details at the bottom of this email.
Here's what we're doing:
We want everyone to be protected - even the people who don't read this email, so, we've decided to automatically update the password for everyone.
It will be unique to each user: we have run a script to change the password to the individual serial number on your BE Box (found on the bottom of the router). If you want to change it after that, go here for a guide:
https://www.bethere.co.uk/web/beportal/beboxpassword
Just to be clear, we haven't changed the wireless key - it's the password to the administrator web interface. That's the only change we will.or would.make.
All the best -
Everyone @BE
The Techie Stuff
The BE Box is vulnerable to an XSS (cross-site scripting) combined with a CRSF (cross-site request forgery) that allows a remote attacker to perform actions on the Web UI (user interface), via the use of JavaScript - and without the user's knowledge or consent.
In the short term, in order to stop this from occurring we have set the password on everyone's BE Box.
Now that we've done this, if someone tries to attack your router, you will be prompted to enter your Administrator Password. Don't do it, otherwise the attack will be successful. . (We'd like to think that most people wouldn't enter their username and password for a random unexpected login prompt)
In the long run we're working with Thomson to improve the firmware's resilience to such attacks.