Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


solival

160 posts

Master Geek


#248231 15-Mar-2019 17:11
Send private message

Had interesting wow moment couple days ago.

 

My wife had some issues with her WiFi network connections while I was unavailable. So, she called vodafone and asked for assistance. Vodafone employee was able to remotely reset router settings to default and change password per her request.

 

Technically, it makes sense that Vodafone had their "enough" with unexperienced users and included backdoor for their convenience, but I'm concerned because I was treating network as private and there are number of unencrypted channels SMB/NFS/HTTP control panels, etc. Also all router settings with port-forwarding, mac white lists, and other custom settings were completely wiped, which is annoying.

 

So my question is:

 

     

  1. What vodafone employees can do remotely in addition to hard reset and change password? Can they read any settings or only can set some of them?
  2. Should I install own Wi-Fi router instead of this one or I can somehow limit remote access to it without replacement?

 

 


Filter this topic showing only the reply marked as answer Create new topic
Linux
11391 posts

Uber Geek

Trusted
Lifetime subscriber

  #2198919 15-Mar-2019 17:31
Send private message

TR-069 access it's standard on many modems and not new

Carriers also use this access to upgrade modem firmware



  #2198925 15-Mar-2019 17:34
Send private message

High-level operations possible through TR-069

 

  • Service activation and reconfiguration

     

    • Initial configuration of the service as part of zero-touch or one-touch configuration process
    • Service re-establishment (ex. after device is factory-reset, exchanged)
  • Remote Subscriber Support

     

    • Verification of the device status and functionality
    • Manual reconfiguration
  • Firmware and Configuration Management

     

    • Firmware upgrade/downgrade
    • Configuration backup/restore
  • Diagnostics and monitoring

     

    • Throughput (TR-143) and connectivity diagnostics
    • Parameter value retrieval
    • Log file retrieval

solival

160 posts

Master Geek


  #2199214 15-Mar-2019 22:35
Send private message

Thanks for replys. While I'm googling about TR-069 to understand it better, is there way to disable it without replacing router?

 

I have two pieces set: modem + wifi router, and completely okay with managed modem. However, router is something I would like to have full control on.




Linux
11391 posts

Uber Geek

Trusted
Lifetime subscriber

  #2199217 15-Mar-2019 22:39
Send private message

Why replace it if it's doing it's job?

snnet
1410 posts

Uber Geek


  #2199272 15-Mar-2019 23:50
Send private message

Linux: Why replace it if it's doing it's job?

 

Probably not happy with the other settings that were wiped by the CSR


michaelmurfy
meow
13240 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #2199278 16-Mar-2019 00:16
Send private message

While I am not going to get into the TR-069 debate all over again I'll say this.

 

Leave TR-069 turned on, don't mess around with it. It is not an exploit and not at all something you should be concerned about.

 

It is essential for pushing out updates which are there to improve your security. It also assists with support (from Vodafone, and Vodafone only) and allows them to push out settings that could be vital for your internet, or home phone (if you have one) to work correctly. Without TR-069 you could be opening yourself up for a lot more than just somebody doing their job and assisting with a support enquiry. Your Wife would have granted access to the Vodafone rep permission to do this.

 

There is no reason to replace the router, there is also no reason to put a tinfoil hat on. Just leave it be.





Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.


  #2199289 16-Mar-2019 02:58
Send private message

solival:

 

However, router is something I would like to have full control on.

 

 

you do though?


 
 
 

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.
Linux
11391 posts

Uber Geek

Trusted
Lifetime subscriber

  #2199330 16-Mar-2019 08:48
Send private message

snnet:

Linux: Why replace it if it's doing it's job?


Probably not happy with the other settings that were wiped by the CSR



So have a backup of the AP setup

sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #2199351 16-Mar-2019 09:39
Send private message

solival:

 

Thanks for replys. While I'm googling about TR-069 to understand it better, is there way to disable it without replacing router?

 

I have two pieces set: modem + wifi router, and completely okay with managed modem. However, router is something I would like to have full control on.

 

 

I'm totally confused.

 

You say you have two prices of hardware now. What are they and why? I just find it strange your device you're using as a separate router would lose it's settings when it's normally only the edge device managed by the RSP that would be under TR-069 control.

 

And no you can't disable TR-069 it's required for a number of reasons including being able to push critital firmware updates to devices. If you don't want the device reset in future it would pay to tell a CSR not to attempt a factory reset - which is a pretty standard thing to do when an end user is expericing issues.


solival

160 posts

Master Geek


  #2199464 16-Mar-2019 12:40
Send private message

Thanks for your opinions, I'm perfectly understand how cool this technology is.

 

For me it is more trust issue now, since Vodafone didn't even bothered to inform me that they can take over my LAN whenever they want. This rise questions what else they didn't bother to tell me?

 

Or may be I'm just jealous because if we included this kind of backdoor into our software without properly informing our partners we would be done next day after it got discovered.

 

Or may be I'm being paranoid about employee who has my address and list of connected devices and can advise his buddies about house with goodies (uhm.. actually not, I'm just upset). BTW "remote assistance" option was disabled, so why Vodafone employee still was able to hard reset router?

 

Anyway, I want to limit Vodafone service to maintain uplink on WAN and that's it.

 

And since firmware is controlled by Vodafone, its clear that I need different router. 

 

My question is there any lock between modem and router? Will modem work with third party router? And will Router work with non vodafone modem (e.g. can I sell it, it is quite good piece of hardware according specs)?

 

P.S. The Modem is a Technicolor TC4400VDF (and I'm happy for it to be managed by Vodafone). The Router is the Ultra Hub (HG695 I believe)


hio77
12999 posts

Uber Geek

ID Verified
Trusted
Lizard Networks

  #2199470 16-Mar-2019 12:45
Send private message

Do you use Vodafones voice service?

I'd hazard a guess that's fully remote managed without the reps having access to passwords for the voip client.


If a rsp rep abused their powers to investigate an house and pass on what goodies that has for a potential robbery can guarantee that would be against their employment contact. There will the confidentiality clause in there for privlaged access to information.

Highly likely usage of these tools are also reported on.




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 

 


solival

160 posts

Master Geek


  #2199507 16-Mar-2019 13:35
Send private message

No voice, naked broadband.


SpartanVXL
1306 posts

Uber Geek


  #2199519 16-Mar-2019 14:04
Send private message

I dont know about the ultra hub but the HG 659 you could disable TR-069, remote assistance and the option (that i forget the name of) that would expose a webpage to public WAN. You have to login using “Admin” credentials to see the option.

Frankly just use your own router if you dont want the worry. If you ever need assistance on the line being down just mention that you have both routers and put the VF router back in when you call them up for help. Do test using both otherwise Vf support will often default to just replacing the VF router if anything goes wrong.

hio77
12999 posts

Uber Geek

ID Verified
Trusted
Lizard Networks

  #2199547 16-Mar-2019 14:36
Send private message

Can't agree enough with the above.

If your having issues. Plug in the provider supplied modem then reach out.
This just makes the whole troubleshooting process real easy.
Also ticks off the list it simply being a modem issue and essentially forces a reboot and replugin of device (which often a loose cable can cause a skew of issues)




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 

 


Filter this topic showing only the reply marked as answer Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00


eero Pro 7 Review
Posted 23-Jul-2025 12:07


BeeStation Plus Review
Posted 21-Jul-2025 14:21


eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01


WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32


RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26


Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24


Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05


Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01


Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01


Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22


Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46


Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42


D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34


Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.