Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsVodafone New ZealandHow far vodafone employees can control Ultra Hub?


157 posts

Master Geek


# 248231 15-Mar-2019 17:11
Send private message

Had interesting wow moment couple days ago.

 

My wife had some issues with her WiFi network connections while I was unavailable. So, she called vodafone and asked for assistance. Vodafone employee was able to remotely reset router settings to default and change password per her request.

 

Technically, it makes sense that Vodafone had their "enough" with unexperienced users and included backdoor for their convenience, but I'm concerned because I was treating network as private and there are number of unencrypted channels SMB/NFS/HTTP control panels, etc. Also all router settings with port-forwarding, mac white lists, and other custom settings were completely wiped, which is annoying.

 

So my question is:

 

     

  1. What vodafone employees can do remotely in addition to hard reset and change password? Can they read any settings or only can set some of them?
  2. Should I install own Wi-Fi router instead of this one or I can somehow limit remote access to it without replacement?

 

 

Filter this topic showing only the reply marked as answer Create new topic
5503 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2198919 15-Mar-2019 17:31
2 people support this post
Send private message

TR-069 access it's standard on many modems and not new

Carriers also use this access to upgrade modem firmware

8909 posts

Uber Geek

Lifetime subscriber

  # 2198925 15-Mar-2019 17:34
One person supports this post
Send private message

High-level operations possible through TR-069

 

  • Service activation and reconfiguration

     

    • Initial configuration of the service as part of zero-touch or one-touch configuration process
    • Service re-establishment (ex. after device is factory-reset, exchanged)
  • Remote Subscriber Support

     

    • Verification of the device status and functionality
    • Manual reconfiguration
  • Firmware and Configuration Management

     

    • Firmware upgrade/downgrade
    • Configuration backup/restore
  • Diagnostics and monitoring

     

    • Throughput (TR-143) and connectivity diagnostics
    • Parameter value retrieval
    • Log file retrieval

 
 
 
 




157 posts

Master Geek


  # 2199214 15-Mar-2019 22:35
Send private message

Thanks for replys. While I'm googling about TR-069 to understand it better, is there way to disable it without replacing router?

 

I have two pieces set: modem + wifi router, and completely okay with managed modem. However, router is something I would like to have full control on.

5503 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2199217 15-Mar-2019 22:39
Send private message

Why replace it if it's doing it's job?

456 posts

Ultimate Geek


  # 2199272 15-Mar-2019 23:50
Send private message

Linux: Why replace it if it's doing it's job?

 

Probably not happy with the other settings that were wiped by the CSR

Mr Snotty
8906 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  # 2199278 16-Mar-2019 00:16
2 people support this post
Send private message

While I am not going to get into the TR-069 debate all over again I'll say this.

 

Leave TR-069 turned on, don't mess around with it. It is not an exploit and not at all something you should be concerned about.

 

It is essential for pushing out updates which are there to improve your security. It also assists with support (from Vodafone, and Vodafone only) and allows them to push out settings that could be vital for your internet, or home phone (if you have one) to work correctly. Without TR-069 you could be opening yourself up for a lot more than just somebody doing their job and assisting with a support enquiry. Your Wife would have granted access to the Vodafone rep permission to do this.

 

There is no reason to replace the router, there is also no reason to put a tinfoil hat on. Just leave it be.




Michael Murphy | https://murfy.nz
A quick guide to picking the right ISP | The Router GuideCommunity UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial | Sharesies

8909 posts

Uber Geek

Lifetime subscriber

  # 2199289 16-Mar-2019 02:58
Send private message

solival:

 

However, router is something I would like to have full control on.

 

 

you do though?

 
 
 
 


5503 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2199330 16-Mar-2019 08:48
Send private message

snnet:

Linux: Why replace it if it's doing it's job?


Probably not happy with the other settings that were wiped by the CSR



So have a backup of the AP setup

28346 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 2199351 16-Mar-2019 09:39
2 people support this post
Send private message

solival:

 

Thanks for replys. While I'm googling about TR-069 to understand it better, is there way to disable it without replacing router?

 

I have two pieces set: modem + wifi router, and completely okay with managed modem. However, router is something I would like to have full control on.

 

 

I'm totally confused.

 

You say you have two prices of hardware now. What are they and why? I just find it strange your device you're using as a separate router would lose it's settings when it's normally only the edge device managed by the RSP that would be under TR-069 control.

 

And no you can't disable TR-069 it's required for a number of reasons including being able to push critital firmware updates to devices. If you don't want the device reset in future it would pay to tell a CSR not to attempt a factory reset - which is a pretty standard thing to do when an end user is expericing issues.



157 posts

Master Geek


  # 2199464 16-Mar-2019 12:40
Send private message

Thanks for your opinions, I'm perfectly understand how cool this technology is.

 

For me it is more trust issue now, since Vodafone didn't even bothered to inform me that they can take over my LAN whenever they want. This rise questions what else they didn't bother to tell me?

 

Or may be I'm just jealous because if we included this kind of backdoor into our software without properly informing our partners we would be done next day after it got discovered.

 

Or may be I'm being paranoid about employee who has my address and list of connected devices and can advise his buddies about house with goodies (uhm.. actually not, I'm just upset). BTW "remote assistance" option was disabled, so why Vodafone employee still was able to hard reset router?

 

Anyway, I want to limit Vodafone service to maintain uplink on WAN and that's it.

 

And since firmware is controlled by Vodafone, its clear that I need different router. 

 

My question is there any lock between modem and router? Will modem work with third party router? And will Router work with non vodafone modem (e.g. can I sell it, it is quite good piece of hardware according specs)?

 

P.S. The Modem is a Technicolor TC4400VDF (and I'm happy for it to be managed by Vodafone). The Router is the Ultra Hub (HG695 I believe)

'That VDSL Cat'
11171 posts

Uber Geek

Trusted
Spark
Subscriber

  # 2199470 16-Mar-2019 12:45
Send private message

Do you use Vodafones voice service?

I'd hazard a guess that's fully remote managed without the reps having access to passwords for the voip client.


If a rsp rep abused their powers to investigate an house and pass on what goodies that has for a potential robbery can guarantee that would be against their employment contact. There will the confidentiality clause in there for privlaged access to information.

Highly likely usage of these tools are also reported on.




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.



157 posts

Master Geek


  # 2199507 16-Mar-2019 13:35
Send private message

No voice, naked broadband.

471 posts

Ultimate Geek


  # 2199519 16-Mar-2019 14:04
One person supports this post
Send private message

I dont know about the ultra hub but the HG 659 you could disable TR-069, remote assistance and the option (that i forget the name of) that would expose a webpage to public WAN. You have to login using “Admin” credentials to see the option.

Frankly just use your own router if you dont want the worry. If you ever need assistance on the line being down just mention that you have both routers and put the VF router back in when you call them up for help. Do test using both otherwise Vf support will often default to just replacing the VF router if anything goes wrong.

'That VDSL Cat'
11171 posts

Uber Geek

Trusted
Spark
Subscriber

  # 2199547 16-Mar-2019 14:36
Send private message

Can't agree enough with the above.

If your having issues. Plug in the provider supplied modem then reach out.
This just makes the whole troubleshooting process real easy.
Also ticks off the list it simply being a modem issue and essentially forces a reboot and replugin of device (which often a loose cable can cause a skew of issues)




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

Filter this topic showing only the reply marked as answer Create new topic



Switch your broadband provider now - compare prices


Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Microsoft launches first Experience Center worldwide for Asia Pacific in Singapore
Posted 13-Nov-2019 13:08

Disney+ comes to LG Smart TVs
Posted 13-Nov-2019 12:55

Spark launches new wireless broadband "Unplan Metro"
Posted 11-Nov-2019 08:19

Malwarebytes overhauls flagship product with new UI, faster engine and lighter footprint
Posted 6-Nov-2019 11:48

CarbonClick launches into Digital Marketplaces
Posted 6-Nov-2019 11:42

Kordia offers Microsoft Azure Peering Service
Posted 6-Nov-2019 11:41

Spark 5G live on Auckland Harbour for Emirates Team New Zealand
Posted 4-Nov-2019 17:30

BNZ and Vodafone partner to boost NZ Tech for SME
Posted 31-Oct-2019 17:14

Nokia 7.2 available in New Zealand
Posted 31-Oct-2019 16:24

2talk launches Microsoft Teams Direct Routing product
Posted 29-Oct-2019 10:35

New Breast Cancer Foundation app puts power in Kiwi women's hands
Posted 25-Oct-2019 16:13

OPPO Reno2 Series lands, alongside hybrid noise-cancelling Wireless Headphones
Posted 24-Oct-2019 15:32

Waikato Data Scientists awarded $13 million from the Government
Posted 24-Oct-2019 15:27

D-Link launches Wave 2 Unified Access Points
Posted 24-Oct-2019 15:07

LG Electronics begins distributing the G8X THINQ
Posted 24-Oct-2019 10:58


Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.