Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




5653 posts

Uber Geek


# 214760 27-May-2017 07:29
Send private message

Article here

 

Essentially discussing remote admin and/or TR-069 access to your router by your ISP.


Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3 | 4 | 5 | 6
5801 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1789005 27-May-2017 07:40
2 people support this post
Send private message

Yes to provide remote support

Linux

1566 posts

Uber Geek

Trusted

  # 1789009 27-May-2017 08:00
16 people support this post
Send private message

i thought the whole article was a great piece of comedy. Some of the examples of how staff could setup Wireless Networks and go to clients houses and steal their files was amazing.





 
 
 
 


6877 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1789015 27-May-2017 08:44
4 people support this post
Send private message

Wait, wait, wait, you mean that my property-of-Chorus centrally-managed ONT "modem" is centrally-managed? Whatever shall I do?!


485 posts

Ultimate Geek


  # 1789017 27-May-2017 08:54
Send private message

Although the article doesn't state which modem it was, on my Vodafone HG659 modem there is a Remote Management tab and it looks like it allows me to disable it.

The so called "Opt-out" feature already built in?

Or maybe we should all go and claim for $300 reimbursement of hardware before it's too late.

18750 posts

Uber Geek

Trusted

  # 1789022 27-May-2017 09:03
One person supports this post
Send private message

kiwiharry: Although the article doesn't state which modem it was, on my Vodafone HG659 modem there is a Remote Management tab and it looks like it allows me to disable it.

The so called "Opt-out" feature already built in?

Or maybe we should all go and claim for $300 reimbursement of hardware before it's too late.

 

Or be comfortable for the RSP to send their own support out at a cost. Cost? No way!!!  


1883 posts

Uber Geek

Subscriber

  # 1789026 27-May-2017 09:06
3 people support this post
Send private message

This will make some less technically minded people think they should go and buy a dlink or netgear off the shelf because they dont want their ISP having access and in the process just simply open up themselfs to the world in the process because they have no idea about locking it down as such. 


28597 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 1789031 27-May-2017 09:12
17 people support this post
Send private message

The story was very poorly written and IMHO will do nothing but spread FUD and increase support calls and costs to an RSP. If you're a security "expert" and have just discovered TR-069 I don't think you should be proclaiming yourself to be an expert.

 

Much of what's written about TR-069 on the Internet is also without basis - yes there have been documented security risks over the years from poorly deployed solutions but that's because of the way they've been deployed.

 

If you're a large ISP remote management of CPE is essential, particularly if you're offering voice services over it.

 

 

 

 

 

 


 
 
 
 


903 posts

Ultimate Geek

Trusted
Subscriber

  # 1789032 27-May-2017 09:13
One person supports this post
Send private message

Maybe this should be on the other suitable thread


<removes tongue from cheek>

28597 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 1789034 27-May-2017 09:24
One person supports this post
Send private message

There are other issues such as people giving their CPE away that's provisioned with voice details that are legitimate issues of auto provisioned hardware but not mentioned. We've seen numerous posts from people over the years as a result of this, both from Vodafone and Snap/2degrees users.

 

 

 

 


1982 posts

Uber Geek

Trusted
Subscriber

  # 1789038 27-May-2017 09:32
Send private message

A few years ago BT's Homehub product was nobbled - https://www.theregister.co.uk/2007/10/22/home_hub_vuln_plugged/ - because of reasons, but it did give an example of how not paying attention to the details can lead to compromised security and opportunity for nuisance.

 

 

 

Without knowing the specifics of what risk there is - beyond the obvious 'we can remote in and do stuff' - I'm not sure what the right answer is.

 

 

 

I guess the alternative is to go back to the world where ISP's provided NO support for the equipment they were supplying, and left the customer to do it themselves.

 

 

 

As long as the isp's are confident no one else can log in via the remote access path, and have 100% confidence in the hardware - HG659 I'm looking at you - to not 'accidentally' let someone through....





________

 

Antonios K

 

Click to see full size


557 posts

Ultimate Geek

Trusted

  # 1789040 27-May-2017 09:39
2 people support this post
Send private message

sbiddle:

 

The story was very poorly written and IMHO will do nothing but spread FUD and increase support calls and costs to an RSP. If you're a security "expert" and have just discovered TR-069 I don't think you should be proclaiming yourself to be an expert.

 

 

 

 

 

Yep, this self proclaimed "expert" clearly knows zero about the telecommunications industry. TR69 is not new and certainly not a bad thing unless its been very poorly implemented.


mdf

2403 posts

Uber Geek

Trusted
Subscriber

  # 1789043 27-May-2017 09:46
5 people support this post
Send private message

FFS. Just once I'd like to see a tech article that didn't involve someone belly aching about something. How about "ISPs invest millions to ensure that the digital divide doesn't leave anyone behind"? We're living in the goddam future and all the press can do is go barking at every passing car from a "security expert" that is using a $50 ISP supplied router.

If you can't trust your ISP, you've got much bigger problems than hypothetical "rogue employees" creating additional wifi access points. Your *life* flows through their pipes before it even hits your modem.

5071 posts

Uber Geek

Trusted

  # 1789051 27-May-2017 10:02
Send private message

Why is anyone surprised? This is the kind of gutter journalism they stoop to all the time now. undecided


226 posts

Master Geek


  # 1789058 27-May-2017 10:23
One person supports this post
Send private message

noroad:

 

sbiddle:

 

The story was very poorly written and IMHO will do nothing but spread FUD and increase support calls and costs to an RSP. If you're a security "expert" and have just discovered TR-069 I don't think you should be proclaiming yourself to be an expert.

 

 

Yep, this self proclaimed "expert" clearly knows zero about the telecommunications industry. TR69 is not new and certainly not a bad thing unless its been very poorly implemented.

 

But he "has experience working on IT security with intelligence agencies". He is clearly too busy to be reading a modem manual.

 

I suspect this all started as way to get a free modem.


/dev/null
9029 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  # 1789060 27-May-2017 10:27
5 people support this post
Send private message

What the actual fu..

 

Shame this "security expert" was not named for his discovery of TR069. Wonder if he used my router guide?





 1 | 2 | 3 | 4 | 5 | 6
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic



Switch your broadband provider now - compare prices


Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Ring launches indoor-only security camera
Posted 23-Jan-2020 17:26


New report findings will help schools implement the digital technologies curriculum content
Posted 23-Jan-2020 17:25


N4L to upgrade & support wireless internet inside schools
Posted 23-Jan-2020 17:22


Netflix releases 21 Studio Ghibli works
Posted 22-Jan-2020 11:42


Vodafone integrates eSIM into device and wearable roadmap
Posted 17-Jan-2020 09:45


Do you need this camera app? Group investigates privacy implications
Posted 16-Jan-2020 03:30


JBL launches headphones range designed for gaming
Posted 13-Jan-2020 09:59


Withings introduces ScanWatch wearable combining ECG and sleep apnea detection
Posted 9-Jan-2020 18:34


NZ Police releases public app
Posted 8-Jan-2020 11:43


Suunto 7 combine sports and smart features on new smartwatch generation
Posted 7-Jan-2020 16:06


Intel brings innovation with technology spanning the cloud, network, edge and PC
Posted 7-Jan-2020 15:54


AMD announces high performance desktop and ultrathin laptop processors
Posted 7-Jan-2020 15:42


AMD unveils four new desktop and mobile GPUs including AMD Radeon RX 5600
Posted 7-Jan-2020 15:32


Consolidation in video streaming market with Spark selling Lightbox to Sky
Posted 19-Dec-2019 09:09


Intel introduces cryogenic control chip to enable quantum computers
Posted 10-Dec-2019 21:32



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.