Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




815 posts

Ultimate Geek

Trusted

#238256 9-Jul-2018 14:46
Send private message

I am wondering if anyone else has experienced the following issue on 2Degrees home phone plus.

 

Toll calls have been made from my phone to France from Saturday morning until early Monday morning. The calls are short and I have been charged $5 each time. Totalling just over $400.

 

The strange thing is that no one in this house has ever made a call to France.

 

I received a text message from 2degrees at 9am this morning. They advised there had been high toll call usage and wanted to check if these were genuine.

 

I called 2degrees and advised they were not genuine. Only to be told that I will still have to pay the toll charges. As the calls were made from my account.

 

I have spoken to a supervisor who will talk to accounts.

 

I really would have thought there would be a system in place to detect abnormal usage. With a toll bar applied until confirmation is received from the user.

 

The explanation from 2degrees is that someone has used a brute force method to gain access to the modem. Via remote access. They have factory reset the modem. This will supposedly prevent any further charges. I find this a bit hard to believe. Although I have a toll bar in place now.

 

Does this sound familiar to anyone? 


Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
5913 posts

Uber Geek

Trusted
Lifetime subscriber

  #2052062 9-Jul-2018 14:58
Send private message

Are you using 2Degrees provided hardware / modem or 3rd party?

 

John




815 posts

Ultimate Geek

Trusted

  #2052069 9-Jul-2018 15:02
Send private message

Hi John

I am using the 2degrees supplied and configured fritzbox.

 
 
 
 


4334 posts

Uber Geek


  #2052079 9-Jul-2018 15:24
Send private message

mattRSK:

 

The calls are short and I have been charged $5 each time. Totalling just over $400.

 

 

So I'm assuming that they are to "premium" services, - it does sound like you may have been compromised somewhere along the line,

 

Do any other apps/devices have access to the outgoing number,  


5210 posts

Uber Geek

Trusted
Lifetime subscriber

  #2052084 9-Jul-2018 15:38
Send private message

mattRSK:

 

I really would have thought there would be a system in place to detect abnormal usage.

 

 

 

 

Not that I am unsympathetic about fraud, but you said you received a text advising of abnormal usage, so, it looks like there is (and in fact there is such a fraud management system on the mobile side of the business too; possibly even the same system), and hooray for you that you found out the next day instead of on your bill after it was $40,000 instead of $400.

 

In regards to toll bars being put in place until a subscriber confirms, well, it's not my system, but I can tell you that in general you can please some of the people some of the time, but not all of the people any of the time. If by default a toll bar was in place until people asked for it to be removed, you'd have people complaining that it was outrageous they had to call up and get the toll bar removed, and why didn't <provider> allow them to just do it because it's 2018 and it's a global world etc etc.?

 

What you could probably do is ask them to lock down the account so that it can only be logged into from your port, or at least from within the 2degrees network. That will greatly reduce the chances that some internet random will guess your SIP credentials in future.





iPad Pro 11" + iPhone XS + 2degrees 4tw!

 

These comments are my own and do not represent the opinions of 2degrees.


4356 posts

Uber Geek

Trusted

  #2052095 9-Jul-2018 15:55
9 people support this post
Send private message

Sounds like this is 100% on two degrees to credit back and fix properly.

I would say different if it was a customer configuration that got hacked. But the whole point of managing voice service is so you can control the security too.

28693 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  #2052098 9-Jul-2018 16:06
One person supports this post
Send private message

SaltyNZ:

 

What you could probably do is ask them to lock down the account so that it can only be logged into from your port, or at least from within the 2degrees network. That will greatly reduce the chances that some internet random will guess your SIP credentials in future.

 

 

The last time this happened to people it was the Fritzbox that was compromised not somebody brute forcing SIP credentials.

 

 




815 posts

Ultimate Geek

Trusted

  #2052100 9-Jul-2018 16:07
One person supports this post
Send private message

Thanks for your responses. 

 

I guess where I am coming from is that I now have an additional $400 expense, through no fault of my own. Simply by having a connected phone line I am at risk of these charges. There is nothing I could have done differently to avoid these charges.


 
 
 
 


'That VDSL Cat'
11720 posts

Uber Geek

Trusted
Spark
Subscriber

  #2052101 9-Jul-2018 16:11
Send private message

sbiddle:

 

SaltyNZ:

 

What you could probably do is ask them to lock down the account so that it can only be logged into from your port, or at least from within the 2degrees network. That will greatly reduce the chances that some internet random will guess your SIP credentials in future.

 

 

The last time this happened to people it was the Fritzbox that was compromised not somebody brute forcing SIP credentials.

 

 

 

 

Thought they patched this?

 

 

 

@OP is your fritzbox up to date?





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.




815 posts

Ultimate Geek

Trusted

  #2052104 9-Jul-2018 16:24
Send private message

hio77:

 

sbiddle:

 

SaltyNZ:

 

What you could probably do is ask them to lock down the account so that it can only be logged into from your port, or at least from within the 2degrees network. That will greatly reduce the chances that some internet random will guess your SIP credentials in future.

 

 

The last time this happened to people it was the Fritzbox that was compromised not somebody brute forcing SIP credentials.

 

 

 

 

Thought they patched this?

 

 

 

@OP is your fritzbox up to date?

 

 

 

 

I have Fritz!OS 06.52. I've just checked and 06.84 is available. Trouble is 2degrees do not provide information on which OS it should be. 

 

A replacement Fritzbox was sent out last year from 2degrees, I am not sure why though.


4455 posts

Uber Geek

Trusted
Subscriber

  #2052107 9-Jul-2018 16:26
Send private message

Here's a thread on a similar issue back when 2 Degrees was Snap; I got 'hacked' twice, but didn't have to pay either time (and damn well shouldn't have had to, given where the fault lay).

 

https://www.geekzone.co.nz/forums.asp?forumid=85&topicid=148602&singlepage=yes


5690 posts

Uber Geek


  #2052108 9-Jul-2018 16:30
One person supports this post
Send private message

An old thread from Snap days https://www.geekzone.co.nz/forums.asp?forumid=85&topicid=148602

 

It mentions unusual log entries on the Fritz prior to the calls - may pay to check if you are seeing something similar.

 

EDIT: Doh - beaten to it by @jonathan18




815 posts

Ultimate Geek

Trusted

  #2052109 9-Jul-2018 16:31
Send private message

jonathan18:

 

Here's a thread on a similar issue back when 2 Degrees was Snap; I got 'hacked' twice, but didn't have to pay either time (and damn well shouldn't have had to, given where the fault lay).

 

https://www.geekzone.co.nz/forums.asp?forumid=85&topicid=148602&singlepage=yes

 

 

 

 

Now I wish I had checked the log before the factory reset. Reading that thread it seems that the same problem still exists.


1431 posts

Uber Geek


  #2052140 9-Jul-2018 17:44
Send private message

I wonder if they provision ONT voice on request?

5210 posts

Uber Geek

Trusted
Lifetime subscriber

  #2052390 10-Jul-2018 08:48
Send private message

sbiddle:

 

SaltyNZ:

 

What you could probably do is ask them to lock down the account so that it can only be logged into from your port, or at least from within the 2degrees network. That will greatly reduce the chances that some internet random will guess your SIP credentials in future.

 

 

The last time this happened to people it was the Fritzbox that was compromised not somebody brute forcing SIP credentials.

 

 

 

 

 

 

Ah, yes, not a lot you can do about that...





iPad Pro 11" + iPhone XS + 2degrees 4tw!

 

These comments are my own and do not represent the opinions of 2degrees.


436 posts

Ultimate Geek
Inactive user


  #2052505 10-Jul-2018 10:57
Send private message

SaltyNZ:

 

What you could probably do is ask them to lock down the account so that it can only be logged into from your port, or at least from within the 2degrees network. That will greatly reduce the chances that some internet random will guess your SIP credentials in future.

 

 

LOL seriously would a VOIP provider operate open SIP without an SBC with no brute force protection? I hope not.


 1 | 2
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

New Vodafone mobile data plans with unlimited data
Posted 26-Feb-2020 06:55


Vodafone launches innovation initiatives to help businesses use 5G
Posted 26-Feb-2020 05:00


Ultimate Ears HYPERBOOM brings massive sound and extreme bass
Posted 25-Feb-2020 09:00


Withings launches three new devices to help monitor heart health from home
Posted 13-Feb-2020 20:05


Auckland start-up Yourcar matches new car buyers with dealerships
Posted 13-Feb-2020 18:05


School gardens go high tech to teach kids the importance of technology
Posted 13-Feb-2020 11:10


Malwarebytes finds Mac threats outpace Windows for the first time
Posted 13-Feb-2020 08:01


Amazon launches Echo Show 8 in Australia and New Zealand
Posted 8-Feb-2020 20:36


Vodafone New Zealand starts two year partnership with LetsPlay.Live
Posted 28-Jan-2020 11:24


Ring launches indoor-only security camera
Posted 23-Jan-2020 17:26


New report findings will help schools implement the digital technologies curriculum content
Posted 23-Jan-2020 17:25


N4L to upgrade & support wireless internet inside schools
Posted 23-Jan-2020 17:22


Netflix releases 21 Studio Ghibli works
Posted 22-Jan-2020 11:42


Vodafone integrates eSIM into device and wearable roadmap
Posted 17-Jan-2020 09:45


Do you need this camera app? Group investigates privacy implications
Posted 16-Jan-2020 03:30



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.