Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




5525 posts

Uber Geek


# 214760 27-May-2017 07:29
Send private message

Article here

 

Essentially discussing remote admin and/or TR-069 access to your router by your ISP.


Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3 | 4 | 5 | 6
5105 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1789005 27-May-2017 07:40
2 people support this post
Send private message

Yes to provide remote support

Linux

1538 posts

Uber Geek

Trusted

  # 1789009 27-May-2017 08:00
16 people support this post
Send private message

i thought the whole article was a great piece of comedy. Some of the examples of how staff could setup Wireless Networks and go to clients houses and steal their files was amazing.





 
 
 
 


6674 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1789015 27-May-2017 08:44
4 people support this post
Send private message

Wait, wait, wait, you mean that my property-of-Chorus centrally-managed ONT "modem" is centrally-managed? Whatever shall I do?!


445 posts

Ultimate Geek


  # 1789017 27-May-2017 08:54
Send private message

Although the article doesn't state which modem it was, on my Vodafone HG659 modem there is a Remote Management tab and it looks like it allows me to disable it.

The so called "Opt-out" feature already built in?

Or maybe we should all go and claim for $300 reimbursement of hardware before it's too late.

17328 posts

Uber Geek

Trusted

  # 1789022 27-May-2017 09:03
One person supports this post
Send private message

kiwiharry: Although the article doesn't state which modem it was, on my Vodafone HG659 modem there is a Remote Management tab and it looks like it allows me to disable it.

The so called "Opt-out" feature already built in?

Or maybe we should all go and claim for $300 reimbursement of hardware before it's too late.

 

Or be comfortable for the RSP to send their own support out at a cost. Cost? No way!!!  


1837 posts

Uber Geek

Subscriber

  # 1789026 27-May-2017 09:06
3 people support this post
Send private message

This will make some less technically minded people think they should go and buy a dlink or netgear off the shelf because they dont want their ISP having access and in the process just simply open up themselfs to the world in the process because they have no idea about locking it down as such. 


28115 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 1789031 27-May-2017 09:12
17 people support this post
Send private message

The story was very poorly written and IMHO will do nothing but spread FUD and increase support calls and costs to an RSP. If you're a security "expert" and have just discovered TR-069 I don't think you should be proclaiming yourself to be an expert.

 

Much of what's written about TR-069 on the Internet is also without basis - yes there have been documented security risks over the years from poorly deployed solutions but that's because of the way they've been deployed.

 

If you're a large ISP remote management of CPE is essential, particularly if you're offering voice services over it.

 

 

 

 

 

 


 
 
 
 


838 posts

Ultimate Geek

Trusted
Subscriber

  # 1789032 27-May-2017 09:13
One person supports this post
Send private message

Maybe this should be on the other suitable thread


<removes tongue from cheek>

28115 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 1789034 27-May-2017 09:24
One person supports this post
Send private message

There are other issues such as people giving their CPE away that's provisioned with voice details that are legitimate issues of auto provisioned hardware but not mentioned. We've seen numerous posts from people over the years as a result of this, both from Vodafone and Snap/2degrees users.

 

 

 

 


1924 posts

Uber Geek

Trusted
Subscriber

  # 1789038 27-May-2017 09:32
Send private message

A few years ago BT's Homehub product was nobbled - https://www.theregister.co.uk/2007/10/22/home_hub_vuln_plugged/ - because of reasons, but it did give an example of how not paying attention to the details can lead to compromised security and opportunity for nuisance.

 

 

 

Without knowing the specifics of what risk there is - beyond the obvious 'we can remote in and do stuff' - I'm not sure what the right answer is.

 

 

 

I guess the alternative is to go back to the world where ISP's provided NO support for the equipment they were supplying, and left the customer to do it themselves.

 

 

 

As long as the isp's are confident no one else can log in via the remote access path, and have 100% confidence in the hardware - HG659 I'm looking at you - to not 'accidentally' let someone through....





________

 

Antonios K

 

Click to see full size


497 posts

Ultimate Geek

Trusted

  # 1789040 27-May-2017 09:39
2 people support this post
Send private message

sbiddle:

 

The story was very poorly written and IMHO will do nothing but spread FUD and increase support calls and costs to an RSP. If you're a security "expert" and have just discovered TR-069 I don't think you should be proclaiming yourself to be an expert.

 

 

 

 

 

Yep, this self proclaimed "expert" clearly knows zero about the telecommunications industry. TR69 is not new and certainly not a bad thing unless its been very poorly implemented.


mdf

2277 posts

Uber Geek

Trusted
Subscriber

  # 1789043 27-May-2017 09:46
5 people support this post
Send private message

FFS. Just once I'd like to see a tech article that didn't involve someone belly aching about something. How about "ISPs invest millions to ensure that the digital divide doesn't leave anyone behind"? We're living in the goddam future and all the press can do is go barking at every passing car from a "security expert" that is using a $50 ISP supplied router.

If you can't trust your ISP, you've got much bigger problems than hypothetical "rogue employees" creating additional wifi access points. Your *life* flows through their pipes before it even hits your modem.

4875 posts

Uber Geek

Trusted

  # 1789051 27-May-2017 10:02
Send private message

Why is anyone surprised? This is the kind of gutter journalism they stoop to all the time now. undecided


223 posts

Master Geek


  # 1789058 27-May-2017 10:23
One person supports this post
Send private message

noroad:

 

sbiddle:

 

The story was very poorly written and IMHO will do nothing but spread FUD and increase support calls and costs to an RSP. If you're a security "expert" and have just discovered TR-069 I don't think you should be proclaiming yourself to be an expert.

 

 

Yep, this self proclaimed "expert" clearly knows zero about the telecommunications industry. TR69 is not new and certainly not a bad thing unless its been very poorly implemented.

 

But he "has experience working on IT security with intelligence agencies". He is clearly too busy to be reading a modem manual.

 

I suspect this all started as way to get a free modem.


Mr Snotty
8763 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  # 1789060 27-May-2017 10:27
5 people support this post
Send private message

What the actual fu..

 

Shame this "security expert" was not named for his discovery of TR069. Wonder if he used my router guide?





 1 | 2 | 3 | 4 | 5 | 6
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic



Switch your broadband provider now - compare prices


Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Disney+ streaming service confirmed launch in New Zealand
Posted 20-Aug-2019 09:29


Industry plan could create a billion dollar interactive games sector
Posted 19-Aug-2019 20:41


Personal cyber insurance a New Zealand first
Posted 19-Aug-2019 20:26


University of Waikato launches space for esports
Posted 19-Aug-2019 20:20


D-Link ANZ expands mydlink ecosystem with new mydlink Mini Wi-Fi Smart Plug
Posted 19-Aug-2019 20:14


Kiwi workers still falling victim to old cyber tricks
Posted 12-Aug-2019 20:47


Lightning Lab GovTech launches 2019 programme
Posted 12-Aug-2019 20:41


Epson launches portable laser projector
Posted 12-Aug-2019 20:27


Huawei launches new distributed HarmonyOS
Posted 12-Aug-2019 20:20


Lenovo introduces single-socket servers for edge and data-intensive workloads
Posted 9-Aug-2019 21:26


The Document Foundation announces LibreOffice 6.3
Posted 9-Aug-2019 16:57


Symantec sell enterprise security assets for US$ 10.7 billion to Broadcom
Posted 9-Aug-2019 16:43


Artificial tongue can distinguish whisky and identify counterfeits
Posted 8-Aug-2019 20:20


Toyota and Preferred Networks to develop service robots
Posted 8-Aug-2019 20:11


Vodafone introduces new Vodafone TV device
Posted 7-Aug-2019 17:16



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.