Geekzone: technology news, blogs, forums
coffeebaron
6231 posts

Uber Geek

Trusted
Lifetime subscriber

  #1789065 27-May-2017 10:45

Now for my next big scam: Good evening, I'm calling from Huawei. It appears your modem is causing some security issues on the internet. I need to urgently remote into your computer to check it out. Yes indeed it is suffering from the T69 virus. I can fix that by loading a special super secure BOT firmware for only $199.




Rural IT and Broadband support.

 

Broadband troubleshooting and master filter installs.
Starlink installer - one month free: https://www.starlink.com/?referral=RC-32845-88860-71 
Wi-Fi and networking
Cel-Fi supply and installer - boost your mobile phone coverage legally

 

Need help in Auckland, Waikato or BoP? Click my email button, or email me direct: [my user name] at geekzonemail dot com




Toatahu
3 posts

Wannabe Geek


  #1790256 27-May-2017 15:00

So this is much the same as the article in PCWorld 2014 (can't post links but article called "Many home routers supplied by ISPs can be compromised en masse, researchers say")... and it is not a security issue? How so?

 

 


surfisup1000
5288 posts

Uber Geek


  #1790270 27-May-2017 15:48

Gonna play the devil's advocate here.

 

I'm not an expert in this, but is it possible a rogue employee could alter customer network settings to enable man-in-the-middle attacks on a customer's passwords and banking details?

 

It would be tricky to trace too.

 

Employees do go rogue.

 

Unless I read this wrong and there is no possible issue, from a human or technical vector?

 

 




Toatahu
3 posts

Wannabe Geek


  #1790273 27-May-2017 15:51

Not just "go rogue" but have a mate that is interested in hacking etc. to have the info shared...


michaelmurfy
meow
13240 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #1790282 27-May-2017 16:12

And then we look at the ISPs' Facebook pages and find customers like this posting:

 


 

Ugh.





Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.


BlakJak
1275 posts

Uber Geek

Trusted

  #1790287 27-May-2017 16:19

Storm in a tea-cup. The first thing I did when I signed up to Snap and was shipped their OEM DSL Router was log into it and review its config. Remote admin was disabled.

 

 

The first thing when I moved from Snap to Actrix was review the OEM DSL Router config. Remote admin was not enabled - and I knew this because I checked.

 

 

If ISPs disclosed this arrangement and adequately protect it, it's not a bad thing and will be helpful for the majority of customers. The news is in the failure to adequately disclose.




No signature to see here, move along...

michaelmurfy
meow
13240 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #1790292 27-May-2017 16:25

BlakJak: The news is in the failure to adequately disclose.

 

It has been widely known for quite some time that most ISPs had some form of remote management on their routers going back years. My parents' routers (they've always used their ISP ones) have always had remote management enabled and even when I was with Snap many moons ago they had remote management on their Fritz!Box.

 

It is more just people not understanding that this remote management is locked down to their ISP only and is for remote support, remote firmware upgrades etc. Settings are only changed with the explicit permission of the account holder unless it is a break and change fix (for example, a VoIP upgrade).







 
 
 

RunningMan

8953 posts

Uber Geek


  #1790303 27-May-2017 17:09

A rogue employee would no doubt have far easier and more profitable (for want of a better term) ways to use customers' info than dropping a dodgy config into their router.

 

Even if no ISP ever had admin access to CPE, a rogue employee can and will wreak havoc. That's a social problem, not a technical problem.


BlakJak
1275 posts

Uber Geek

Trusted

  #1790306 27-May-2017 17:15

michaelmurfy:

BlakJak: The news is in the failure to adequately disclose.

 

It has been widely known for quite some time that most ISPs had some form of remote management on their routers going back years. My parents' routers (they've always used their ISP ones) have always had remote management enabled and even when I was with Snap many moons ago they had remote management on their Fritz!Box.

 

It is more just people not understanding that this remote management is locked down to their ISP only and is for remote support, remote firmware upgrades etc. Settings are only changed with the explicit permission of the account holder unless it is a break and change fix (for example, a VoIP upgrade).

 

 

How widely known is widely known? I've been out of the ISP support game for a few years but I'm not sure it's well understood outside of the geeks of the world. Is it in ISP T&C or otherwise explicitly explained to people when they join up?





michaelmurfy
meow
13240 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #1790377 27-May-2017 19:05

BlakJak: How widely known is widely known? I've been out of the ISP support game for a few years but I'm not sure it's well understood outside of the geeks of the world. Is it in ISP T&C or otherwise explicitly explained to people when they join up?

 

I know with signing up to WXC they said to me that the router was remotely provisioned and updated. With Voyager they did explain to me that there is remote management set up on the router however I can disable it if required (have not though - it is a handy feature for my parents).

 

With Spark I've always known even before I started working for them. Snap/2degrees it is a given as they remotely provision everything on the Fritz. Vodafone was a given as they have to provision voice.

 

It is more people don't understand how this all works. I understand to us geeks it is a given since they can provision routers.







freitasm
BDFL - Memuneh
79250 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #1790381 27-May-2017 19:22

There's no technical problem here. People are going over for nothing.

 

The protocol exists so that if something goes wrong then the telco can update the config of millions of modems automatically, without having to either send a technician to every home or wait for customers to send the modems in. It is also useful for remote maintenance and troubleshooting.

 

Rogue employees would make a lot more money if they simply lift credit card numbers (as was happening a few years ago, remember TelstraClear call centre overseas?)

 

If a so-called "security expert" was anything but then he'd be happy to put his name on the paper. 







michaelmurfy
meow
13240 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #1790384 27-May-2017 19:23

freitasm:

If a so-called "security expert" was anything but then he'd be happy to put his name on the paper.

 

Couldn't agree more.







Oblivian
7296 posts

Uber Geek

ID Verified

  #1790412 27-May-2017 23:02

For an outlet that LOVES quoting 'NZ IT enthusiasts' (from GZ), they sure fall short asking for input and/or checking with the likes of Juha for backstory investigation.

 

 

 

I was thinking the other day, the day of 'investigative journalism' is all but dead. They take stories from Facebook posts these days with absolutely no backing and then do the leg work to find out the goss only to look a little red-faced post fact (recent 'explosions' in Auckland - police training....)


jeffory123
34 posts

Geek

ID Verified

  #1790841 28-May-2017 22:11

Interesting that a few current and former employees of NZ telcos are so confident in the security of their networks and infrastructure :) Now I must admit I have only encountered a few former Russian software engineers from Vodafone but their coding/general security awareness left a lot to be desired and they were just generally dodgy. Now these were software engineers not infra guys but I'm not convinced their employee screening process is without flaws. Therefore I would not consider it a 0% risk of a rogue employee compromising their ACS server and it going unchecked.

 

I certainly was not made aware of any remote maintenance capability when I signed up with both Spark and Vodafone. The one good thing this article has done despite its flaws is made people more aware of the fact so they can then educate themselves on the matter and then make an informed decision on whether to disable any remote access capability to their modem.


michaelmurfy
meow
13240 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #1790850 28-May-2017 23:25

jeffory123:

 

Interesting that a few current and former employees of NZ telcos are so confident in the security of their networks and infrastructure :) Now I must admit I have only encountered a few former Russian software engineers from Vodafone but their coding/general security awareness left a lot to be desired and they were just generally dodgy. Now these were software engineers not infra guys but I'm not convinced their employee screening process is without flaws. Therefore I would not consider it a 0% risk of a rogue employee compromising their ACS server and it going unchecked.

 

I certainly was not made aware of any remote maintenance capability when I signed up with both Spark and Vodafone. The one good thing this article has done despite its flaws is made people more aware of the fact so they can then educate themselves on the matter and then make an informed decision on whether to disable any remote access capability to their modem.

 

Chances of ACS server (in production) getting owned by an employee? 0%. It'll require a change process to be accepted and followed and everything will be monitored during that process.

 

It isn't just Spark and Vodafone, it is essentially all ISPs since it is one of the most secure ways of managing and maintaining security and settings on a fleet of routers - if they update their VoIP infrastructure then how do they roll out changes to their customers? Tell them in an email to update things manually? No, they roll it out over TR-069. There is nothing to be concerned about with this sort of thing and the NZH article is woefully incorrect on so many levels. If you're reading it as to disable TR-069 then think twice as it is enabled for a reason - it isn't a backdoor and is an essential part of ensuring your internet access and ISP-provided services run to their full potential and your router is fully updated.






