Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




157 posts

Master Geek
+1 received by user: 20


Topic # 248231 15-Mar-2019 17:11
Send private message quote this post

Had interesting wow moment couple days ago.

 

My wife had some issues with her WiFi network connections while I was unavailable. So, she called vodafone and asked for assistance. Vodafone employee was able to remotely reset router settings to default and change password per her request.

 

Technically, it makes sense that Vodafone had their "enough" with unexperienced users and included backdoor for their convenience, but I'm concerned because I was treating network as private and there are number of unencrypted channels SMB/NFS/HTTP control panels, etc. Also all router settings with port-forwarding, mac white lists, and other custom settings were completely wiped, which is annoying.

 

So my question is:

 

     

  1. What vodafone employees can do remotely in addition to hard reset and change password? Can they read any settings or only can set some of them?
  2. Should I install own Wi-Fi router instead of this one or I can somehow limit remote access to it without replacement?

 

 


Filter this topic showing only the reply marked as answer Create new topic
4229 posts

Uber Geek
+1 received by user: 2420

Trusted
Lifetime subscriber

  Reply # 2198919 15-Mar-2019 17:31
2 people support this post
Send private message quote this post

TR-069 access it's standard on many modems and not new

Carriers also use this access to upgrade modem firmware

8208 posts

Uber Geek
+1 received by user: 2781

Lifetime subscriber

  Reply # 2198925 15-Mar-2019 17:34
One person supports this post
Send private message quote this post

High-level operations possible through TR-069

 

  • Service activation and reconfiguration

     

    • Initial configuration of the service as part of zero-touch or one-touch configuration process
    • Service re-establishment (ex. after device is factory-reset, exchanged)
  • Remote Subscriber Support

     

    • Verification of the device status and functionality
    • Manual reconfiguration
  • Firmware and Configuration Management

     

    • Firmware upgrade/downgrade
    • Configuration backup/restore
  • Diagnostics and monitoring

     

    • Throughput (TR-143) and connectivity diagnostics
    • Parameter value retrieval
    • Log file retrieval

 
 
 
 




157 posts

Master Geek
+1 received by user: 20


  Reply # 2199214 15-Mar-2019 22:35
Send private message quote this post

Thanks for replys. While I'm googling about TR-069 to understand it better, is there way to disable it without replacing router?

 

I have two pieces set: modem + wifi router, and completely okay with managed modem. However, router is something I would like to have full control on.


4229 posts

Uber Geek
+1 received by user: 2420

Trusted
Lifetime subscriber

  Reply # 2199217 15-Mar-2019 22:39
Send private message quote this post

Why replace it if it's doing it's job?

377 posts

Ultimate Geek
+1 received by user: 71


  Reply # 2199272 15-Mar-2019 23:50
Send private message quote this post

Linux: Why replace it if it's doing it's job?

 

Probably not happy with the other settings that were wiped by the CSR


Mr Snotty
8407 posts

Uber Geek
+1 received by user: 4341

Moderator
Trusted
Lifetime subscriber

  Reply # 2199278 16-Mar-2019 00:16
2 people support this post
Send private message quote this post

While I am not going to get into the TR-069 debate all over again I'll say this.

 

Leave TR-069 turned on, don't mess around with it. It is not an exploit and not at all something you should be concerned about.

 

It is essential for pushing out updates which are there to improve your security. It also assists with support (from Vodafone, and Vodafone only) and allows them to push out settings that could be vital for your internet, or home phone (if you have one) to work correctly. Without TR-069 you could be opening yourself up for a lot more than just somebody doing their job and assisting with a support enquiry. Your Wife would have granted access to the Vodafone rep permission to do this.

 

There is no reason to replace the router, there is also no reason to put a tinfoil hat on. Just leave it be.





8208 posts

Uber Geek
+1 received by user: 2781

Lifetime subscriber

  Reply # 2199289 16-Mar-2019 02:58
Send private message quote this post

solival:

 

However, router is something I would like to have full control on.

 

 

you do though?


4229 posts

Uber Geek
+1 received by user: 2420

Trusted
Lifetime subscriber

  Reply # 2199330 16-Mar-2019 08:48
Send private message quote this post

snnet:

Linux: Why replace it if it's doing it's job?


Probably not happy with the other settings that were wiped by the CSR



So have a backup of the AP setup

27556 posts

Uber Geek
+1 received by user: 7007

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 2199351 16-Mar-2019 09:39
2 people support this post
Send private message quote this post

solival:

 

Thanks for replys. While I'm googling about TR-069 to understand it better, is there way to disable it without replacing router?

 

I have two pieces set: modem + wifi router, and completely okay with managed modem. However, router is something I would like to have full control on.

 

 

I'm totally confused.

 

You say you have two prices of hardware now. What are they and why? I just find it strange your device you're using as a separate router would lose it's settings when it's normally only the edge device managed by the RSP that would be under TR-069 control.

 

And no you can't disable TR-069 it's required for a number of reasons including being able to push critital firmware updates to devices. If you don't want the device reset in future it would pay to tell a CSR not to attempt a factory reset - which is a pretty standard thing to do when an end user is expericing issues.




157 posts

Master Geek
+1 received by user: 20


  Reply # 2199464 16-Mar-2019 12:40
Send private message quote this post

Thanks for your opinions, I'm perfectly understand how cool this technology is.

 

For me it is more trust issue now, since Vodafone didn't even bothered to inform me that they can take over my LAN whenever they want. This rise questions what else they didn't bother to tell me?

 

Or may be I'm just jealous because if we included this kind of backdoor into our software without properly informing our partners we would be done next day after it got discovered.

 

Or may be I'm being paranoid about employee who has my address and list of connected devices and can advise his buddies about house with goodies (uhm.. actually not, I'm just upset). BTW "remote assistance" option was disabled, so why Vodafone employee still was able to hard reset router?

 

Anyway, I want to limit Vodafone service to maintain uplink on WAN and that's it.

 

And since firmware is controlled by Vodafone, its clear that I need different router. 

 

My question is there any lock between modem and router? Will modem work with third party router? And will Router work with non vodafone modem (e.g. can I sell it, it is quite good piece of hardware according specs)?

 

P.S. The Modem is a Technicolor TC4400VDF (and I'm happy for it to be managed by Vodafone). The Router is the Ultra Hub (HG695 I believe)


'That VDSL Cat'
9655 posts

Uber Geek
+1 received by user: 2238

Trusted
Spark
Subscriber

  Reply # 2199470 16-Mar-2019 12:45
Send private message quote this post

Do you use Vodafones voice service?

I'd hazard a guess that's fully remote managed without the reps having access to passwords for the voip client.


If a rsp rep abused their powers to investigate an house and pass on what goodies that has for a potential robbery can guarantee that would be against their employment contact. There will the confidentiality clause in there for privlaged access to information.

Highly likely usage of these tools are also reported on.




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.




157 posts

Master Geek
+1 received by user: 20


  Reply # 2199507 16-Mar-2019 13:35
Send private message quote this post

No voice, naked broadband.


360 posts

Ultimate Geek
+1 received by user: 133


  Reply # 2199519 16-Mar-2019 14:04
One person supports this post
Send private message quote this post

I dont know about the ultra hub but the HG 659 you could disable TR-069, remote assistance and the option (that i forget the name of) that would expose a webpage to public WAN. You have to login using “Admin” credentials to see the option.

Frankly just use your own router if you dont want the worry. If you ever need assistance on the line being down just mention that you have both routers and put the VF router back in when you call them up for help. Do test using both otherwise Vf support will often default to just replacing the VF router if anything goes wrong.

'That VDSL Cat'
9655 posts

Uber Geek
+1 received by user: 2238

Trusted
Spark
Subscriber

  Reply # 2199547 16-Mar-2019 14:36
Send private message quote this post

Can't agree enough with the above.

If your having issues. Plug in the provider supplied modem then reach out.
This just makes the whole troubleshooting process real easy.
Also ticks off the list it simply being a modem issue and essentially forces a reboot and replugin of device (which often a loose cable can cause a skew of issues)




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.


Filter this topic showing only the reply marked as answer Create new topic


Donate via Givealittle


Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Two e-scooter companies selected for Wellington trial
Posted 15-Mar-2019 17:33


GeForce GTX 1660 available now
Posted 15-Mar-2019 08:47


Artificial Intelligence to double the rate of innovation in New Zealand by 2021
Posted 13-Mar-2019 14:47


LG demonstrates smart home concepts at LG InnoFest
Posted 13-Mar-2019 14:45


New Zealanders buying more expensive smartphones
Posted 11-Mar-2019 09:52


2degrees Offers Amazon Prime Video to Broadband Customers
Posted 8-Mar-2019 14:10


D-Link ANZ launches D-Fend AC2600 Wi-Fi Router Protected by McAfee
Posted 7-Mar-2019 11:09


Slingshot commissions celebrities to design new modems
Posted 5-Mar-2019 08:58


Symantec Annual Threat Report reveals more ambitious, destructive and stealthy attacks
Posted 28-Feb-2019 10:14


FUJIFILM launches high performing X-T30
Posted 28-Feb-2019 09:40


Netflix is killing content piracy says research
Posted 28-Feb-2019 09:33


Trend Micro finds shifting threats require kiwis to rethink security priorities
Posted 28-Feb-2019 09:27


Mainfreight uses Spark IoT Asset Tracking service
Posted 28-Feb-2019 09:25


Spark IoT network now covers 98% of New Zealand population
Posted 19-Feb-2019 09:28


Two e-Scooters company to trial in Wellington streets
Posted 14-Feb-2019 20:33



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.