Geekzone: technology news, blogs, forums


NZtechfreak

4649 posts

Uber Geek

Trusted

#160062 22-Dec-2014 11:36

Curious to know people's thoughts on this situation.

I arrive at my parents' house yesterday and the WiFi SSID and password have changed. The SSID has reverted to the factory default, and when I log into the router the administration password has also reverted to stock. Check devices that have logged on and lo and behold my niece's iPod has been logged onto the network, along with a bunch of other devices whose names are friends of hers (you have to love the vanity). Call Telecom and she phoned them and asked for a new WiFi password in August. They obliged. She is not authorized to do this, and the account holder did not authorise this.

Honestly I'm flabbergasted that this could happen. Not only did they allow someone access who was excluded from accessing the network *by design*, in doing so they made the network incredibly vulnerable by returning the router's administration password to the factory default.

This strikes me as completely unacceptable. Any different takes?

Oh, should mention that during my call they made no attempt to verify that I was entitled to be given information on the account either...




Twitter: @nztechfreak
Blogs: HeadphoNZ.org


alasta
6701 posts

Uber Geek

Trusted
Subscriber

  #1201925 22-Dec-2014 11:39

How can Spark change passwords and settings on the router? Surely that's something that has to be done locally?



NZtechfreak

4649 posts

Uber Geek

Trusted

  #1201927 22-Dec-2014 11:41

alasta: How can Spark change passwords and settings on the router? Surely that's something that has to be done locally?


Actually, that's a good point, maybe they talked her through it - they told me when I spoke to them that they changed the password (presumably I was talking to low-level phone staff). Still, unbelievable.




Twitter: @nztechfreak
Blogs: HeadphoNZ.org


lxsw20
3552 posts

Uber Geek

Subscriber

  #1201928 22-Dec-2014 11:42

I think they may be able to access their own routers via the WAN interface. The other thing is they may have just talked her through a factory reset which would have the same result. 



Andib
1363 posts

Uber Geek

ID Verified
Trusted

  #1201929 22-Dec-2014 11:42

Most of the ISP supplied modems now can be remotely managed by the ISP.
Makes changing wifi passwords for users MUCH easier. Imagine trying to guide your Grandmother to change the WPA key over the phone.




<# 
       .DISCLAIMER
       Anything I post is my own and not the views of my past/present/future employer.
#>


trig42
5809 posts

Uber Geek

ID Verified

  #1201931 22-Dec-2014 11:43

It is unacceptable if Telecom/Spark told the niece over the phone how to reset the router - because that is all that has happened - without confirming she was the account holder.

 

But, I would say, it is not hard to impersonate the account holder - just need full name and DOB usually, and your daughter should know that :)

Having said that, it is not hard to poke a needle into the reset button of most routers - and Spark ones will not need setting back up (do not need a specific username and password entered for PPPoA).

I don't think getting angry at Spark is fair really - they are not the digital babysitter, they just provide the connection. If you/they want better security, don't be using the free router that came with your connection. I'd be surprised if any more than 5% of Spark routers (actually, 1% even) had the default admin password changed, let alone the WiFi password changed from the sticker on the bottom of them.

NZtechfreak

4649 posts

Uber Geek

Trusted

  #1201932 22-Dec-2014 11:45

Andib: Most of the ISP supplied modems now can be remotely managed by the ISP.
Makes changing wifi passwords for users MUCH easier. Imagine trying to guide your Grandmother to change the WPA key over the phone.


Totally understand customer need for them having this capability, but there surely had to be some check with the account holder? I think I might check the SSIDs near my home and find some Telecom routers and get them to change the password for me, could do with more bandwidth this month...




Twitter: @nztechfreak
Blogs: HeadphoNZ.org


NZtechfreak

4649 posts

Uber Geek

Trusted

  #1201945 22-Dec-2014 11:50

trig42: It is unacceptable if Telecom/Spark told the niece over the phone how to reset the router - because that is all that has happened - without confirming she was the account holder.
But, I would say, it is not hard to impersonate the account holder - just need full name and DOB usually, and your daughter should know that :)

Having said that, it is not hard to poke a needle into the reset button of most routers - and Spark ones will not need setting back up (do not need a specific username and password entered for PPPoA).

I don't think getting angry at Spark is fair really - they are not the digital babysitter, they just provide the connection. If you/they want better security, don't be using the free router that came with your connection. I'd be surprised if any more than 5% of Spark routers (actually, 1% even) had the default admin password changed, let alone the WiFi password changed from the sticker on the bottom of them.


Given it's her grandfather's home and account, I doubt she could have impersonated the account holder convincingly.

Their obligation to the security, surely, is not allowing for something like this to happen. Seems completely justified being pissed at them from where I'm sitting. Sad to say, but she isn't bright enough to do this on her own and it is extremely unlikely she'd have managed it without their assistance.

The proportion of Spark customers who have changed the default router passwords is irrelevant here, since this one was changed.




Twitter: @nztechfreak
Blogs: HeadphoNZ.org


 
 
 

Batman
Mad Scientist
29760 posts

Uber Geek

Trusted
Lifetime subscriber

  #1201946 22-Dec-2014 11:51

Don't blame Spark completely. Teens are the least secure bit. If Spark didn't tell her she could have figured it out herself

NZtechfreak

4649 posts

Uber Geek

Trusted

  #1201948 22-Dec-2014 11:52

joker97: Don't blame Spark completely. Teens are the least secure bit. If Spark didn't tell her she could have figured it out herself


See above post, she's left high school to move to Oz in the hopes of getting a part in The GC 2. I'm serious. Of course Telecom isn't completely to blame here, but if they held up their end they'd at least have made the outcome rest on her intellect.




Twitter: @nztechfreak
Blogs: HeadphoNZ.org


trig42
5809 posts

Uber Geek

ID Verified

  #1201959 22-Dec-2014 12:01

Never underestimate the cunning of a teenager. If she herself didn't work it out, someone in her social circle certainly could have.

 

But, as I said, Spark should not have helped her out without confirming she or whoever was on the phone to them was the account holder.


dafman
3925 posts

Uber Geek

Trusted

  #1201963 22-Dec-2014 12:16

And if copyright material has been illegally downloaded, do Spark send the copyright infringement notice to your parents or to themselves???

plambrechtsen
1948 posts

Uber Geek
Inactive user


  #1201985 22-Dec-2014 12:59

If it was a Spark supplied modem then there is a default admin username & password, or no authentication required if you plug in via a wired connection. This would be the same for the vast majority of all modems sold throughout the entire world. And I would say it would be less than 1% of all customers who change the admin username & password to the router from the default.
In regards to the Wifi WPA(2) PSK shared key, this is written onto the bottom of all modems and a secure SSID and password, and the odds of being able to guess it or brute force it are extremely remote.

There is WPA "Protected" Setup (and I use the quotes around protected since it does the exact opposite) which does have known issues but all modems supplied by Spark for the last 4+ years have been set up to use "Push Button" setup, which is more immune than the normal PIN based setup which has been shown to be completely insecure.

So in this regards there are a number of things the said teenager could have done without any assistance from a Spark CSR.

1) Reset the modem to factory default using a pin and then used the SSID & Password printed on the bottom of the modem
2) Replaced the modem with her own one and just unplugged the current modem as that would have just authenticated and she would have received service
3) Plugged in via using a laptop into the ethernet port and reset the SSID & Password to whatever she wanted.

All of which would require physical access into the house and to the modem. If she wasn't permitted to be in the house then that's a case for the police as it's breaking and entering in my personal view.

Physical security of the modem is vital otherwise any security procedures are a complete waste of time in my personal view.

NZtechfreak

4649 posts

Uber Geek

Trusted

  #1201994 22-Dec-2014 13:09

dafman: And if copyright material has been illegally downloaded, do Spark send the copyright infringement notice to your parents or to themselves???


This is part of the issue here. I would say Spark assumed responsibility for whatever happened on the connection the moment they aided a non-authorised person gain access.




Twitter: @nztechfreak
Blogs: HeadphoNZ.org


NZtechfreak

4649 posts

Uber Geek

Trusted

  #1201998 22-Dec-2014 13:12

plambrechtsen: So in this regards there are a number of things the said teenager could have done without any assistance from a Spark CSR.


Agreed, but that is utterly irrelevant here since they *were* aided by a CSR.

I do appreciate that your response as a Spark representative was not to acknowledge that this is a $*#& up on Spark's part *at all*, but instead to point out this could have been done without your company failing to live up to their obligations. Nice.

If you're going to post here as a Spark person, you could probably do with brushing up your own customer service skills - in the event of a definite mistake you should first and foremost acknowledge that and make an apology, then you can start trying to help the situation and towards getting things in a positive frame. Just so you know for future reference.





Twitter: @nztechfreak
Blogs: HeadphoNZ.org


cbrpilot
955 posts

Ultimate Geek

Trusted
Spark NZ

  #1202039 22-Dec-2014 13:59

NZtechfreak Not trying to sound defensive, but I would suggest that you raise a complaint via a formal channel (i.e. not Geekzone) if you feel that we have failed to live up to our obligations in regards to privacy and security of your information.  That way the issue can be formally looked into in an appropriate setting.





My views are my own, and may not necessarily represent those of my employer.

