Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




5554 posts

Uber Geek


# 214760 27-May-2017 07:29
Send private message

Article here

 

Essentially discussing remote admin and/or TR-069 access to your router by your ISP.


Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3 | 4 | 5 | 6
5233 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1789005 27-May-2017 07:40
2 people support this post
Send private message

Yes to provide remote support

Linux

1541 posts

Uber Geek

Trusted

  # 1789009 27-May-2017 08:00
16 people support this post
Send private message

i thought the whole article was a great piece of comedy. Some of the examples of how staff could setup Wireless Networks and go to clients houses and steal their files was amazing.





 
 
 
 


6697 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1789015 27-May-2017 08:44
4 people support this post
Send private message

Wait, wait, wait, you mean that my property-of-Chorus centrally-managed ONT "modem" is centrally-managed? Whatever shall I do?!


451 posts

Ultimate Geek


  # 1789017 27-May-2017 08:54
Send private message

Although the article doesn't state which modem it was, on my Vodafone HG659 modem there is a Remote Management tab and it looks like it allows me to disable it.

The so called "Opt-out" feature already built in?

Or maybe we should all go and claim for $300 reimbursement of hardware before it's too late.

17617 posts

Uber Geek

Trusted

  # 1789022 27-May-2017 09:03
One person supports this post
Send private message

kiwiharry: Although the article doesn't state which modem it was, on my Vodafone HG659 modem there is a Remote Management tab and it looks like it allows me to disable it.

The so called "Opt-out" feature already built in?

Or maybe we should all go and claim for $300 reimbursement of hardware before it's too late.

 

Or be comfortable for the RSP to send their own support out at a cost. Cost? No way!!!  


1840 posts

Uber Geek

Subscriber

  # 1789026 27-May-2017 09:06
3 people support this post
Send private message

This will make some less technically minded people think they should go and buy a dlink or netgear off the shelf because they dont want their ISP having access and in the process just simply open up themselfs to the world in the process because they have no idea about locking it down as such. 


28220 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 1789031 27-May-2017 09:12
17 people support this post
Send private message

The story was very poorly written and IMHO will do nothing but spread FUD and increase support calls and costs to an RSP. If you're a security "expert" and have just discovered TR-069 I don't think you should be proclaiming yourself to be an expert.

 

Much of what's written about TR-069 on the Internet is also without basis - yes there have been documented security risks over the years from poorly deployed solutions but that's because of the way they've been deployed.

 

If you're a large ISP remote management of CPE is essential, particularly if you're offering voice services over it.

 

 

 

 

 

 


 
 
 
 


843 posts

Ultimate Geek

Trusted
Subscriber

  # 1789032 27-May-2017 09:13
One person supports this post
Send private message

Maybe this should be on the other suitable thread


<removes tongue from cheek>

28220 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 1789034 27-May-2017 09:24
One person supports this post
Send private message

There are other issues such as people giving their CPE away that's provisioned with voice details that are legitimate issues of auto provisioned hardware but not mentioned. We've seen numerous posts from people over the years as a result of this, both from Vodafone and Snap/2degrees users.

 

 

 

 


1938 posts

Uber Geek

Trusted
Subscriber

  # 1789038 27-May-2017 09:32
Send private message

A few years ago BT's Homehub product was nobbled - https://www.theregister.co.uk/2007/10/22/home_hub_vuln_plugged/ - because of reasons, but it did give an example of how not paying attention to the details can lead to compromised security and opportunity for nuisance.

 

 

 

Without knowing the specifics of what risk there is - beyond the obvious 'we can remote in and do stuff' - I'm not sure what the right answer is.

 

 

 

I guess the alternative is to go back to the world where ISP's provided NO support for the equipment they were supplying, and left the customer to do it themselves.

 

 

 

As long as the isp's are confident no one else can log in via the remote access path, and have 100% confidence in the hardware - HG659 I'm looking at you - to not 'accidentally' let someone through....





________

 

Antonios K

 

Click to see full size


504 posts

Ultimate Geek

Trusted

  # 1789040 27-May-2017 09:39
2 people support this post
Send private message

sbiddle:

 

The story was very poorly written and IMHO will do nothing but spread FUD and increase support calls and costs to an RSP. If you're a security "expert" and have just discovered TR-069 I don't think you should be proclaiming yourself to be an expert.

 

 

 

 

 

Yep, this self proclaimed "expert" clearly knows zero about the telecommunications industry. TR69 is not new and certainly not a bad thing unless its been very poorly implemented.


mdf

2304 posts

Uber Geek

Trusted
Subscriber

  # 1789043 27-May-2017 09:46
5 people support this post
Send private message

FFS. Just once I'd like to see a tech article that didn't involve someone belly aching about something. How about "ISPs invest millions to ensure that the digital divide doesn't leave anyone behind"? We're living in the goddam future and all the press can do is go barking at every passing car from a "security expert" that is using a $50 ISP supplied router.

If you can't trust your ISP, you've got much bigger problems than hypothetical "rogue employees" creating additional wifi access points. Your *life* flows through their pipes before it even hits your modem.

4907 posts

Uber Geek

Trusted

  # 1789051 27-May-2017 10:02
Send private message

Why is anyone surprised? This is the kind of gutter journalism they stoop to all the time now. undecided


223 posts

Master Geek


  # 1789058 27-May-2017 10:23
One person supports this post
Send private message

noroad:

 

sbiddle:

 

The story was very poorly written and IMHO will do nothing but spread FUD and increase support calls and costs to an RSP. If you're a security "expert" and have just discovered TR-069 I don't think you should be proclaiming yourself to be an expert.

 

 

Yep, this self proclaimed "expert" clearly knows zero about the telecommunications industry. TR69 is not new and certainly not a bad thing unless its been very poorly implemented.

 

But he "has experience working on IT security with intelligence agencies". He is clearly too busy to be reading a modem manual.

 

I suspect this all started as way to get a free modem.


Mr Snotty
8822 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  # 1789060 27-May-2017 10:27
5 people support this post
Send private message

What the actual fu..

 

Shame this "security expert" was not named for his discovery of TR069. Wonder if he used my router guide?





 1 | 2 | 3 | 4 | 5 | 6
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic



Switch your broadband provider now - compare prices


Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Facebook Portal to land in New Zealand
Posted 19-Sep-2019 18:35


Amazon Studios announces New Zealand as location for its upcoming series based on The Lord of the Rings
Posted 18-Sep-2019 17:24


The Warehouse chooses Elasticsearch service
Posted 18-Sep-2019 13:55


Voyager upgrades core network to 100Gbit
Posted 18-Sep-2019 13:52


Streaming service Acorn TV launches in New Zealand with selection with British shows
Posted 18-Sep-2019 08:55


Bitcoin.com announces partnership with smartphone manufacturer HTC
Posted 16-Sep-2019 21:30


Finalists Announced for Microsoft NZ Partner Awards
Posted 16-Sep-2019 19:37


OPPO Showcases New CameraX Capabilities at Google Developer Days China 2019
Posted 15-Sep-2019 12:42


New Zealand PC Market returns to growth
Posted 15-Sep-2019 12:24


Home sensor charity director speaks about the preventable death which drives her to push for healthy homes
Posted 11-Sep-2019 08:46


Te ao Maori Minecraft world set to inspire Kiwi students
Posted 11-Sep-2019 08:43


Research reveals The Power of Games in New Zealand
Posted 11-Sep-2019 08:40


Ring Door View Cam now available in New Zealand
Posted 11-Sep-2019 08:38


Vodafone NZ to create X Squad
Posted 10-Sep-2019 10:25


Huawei nova 5T to be available 20th September
Posted 5-Sep-2019 11:55



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.