Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6
28692 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  #1790865 29-May-2017 07:21
2 people support this post
Send private message

jeffory123:

 

I certainly was not made aware of any remote maintenance capability when I signed up with both Spark and Vodafone. The one good thing this article has done despite it's flaws is made people more aware of the fact so they can then educate themselves on the matter and then make an informed decision on whether to disable any remote access capability to their modem.

 

 

And if you knew anything about security you'd realise that like disabling Windows updates, disabling TR-069 would be a massive mistake from a security perspective.  

 

The great aspect of TR-069 is that it improves the issue of end user security literally ten-fold. There are so many users with 3rd party routers that have been subjected to security exploits in recent times, and many of those people would be completely unaware of the issue. Own a late model Linksys router? They were all pwn3d last month. Own a Belkin? They've been pwn3d too. Own a D-link? They're been pwn3d too.

 

By being able to manage CPE if Spark, Vodafone, 2degrees or any RSP that uses TR-069 have critical issues with their CPE they're able to push updates out to mitigate the risk. If you own 3rd party CPE you're on your own.

 

 

 

 


4354 posts

Uber Geek

Trusted

  #1790990 29-May-2017 10:58
One person supports this post
Send private message

sbiddle:

 

jeffory123:

 

I certainly was not made aware of any remote maintenance capability when I signed up with both Spark and Vodafone. The one good thing this article has done despite it's flaws is made people more aware of the fact so they can then educate themselves on the matter and then make an informed decision on whether to disable any remote access capability to their modem.

 

 

And if you knew anything about security you'd realise that like disabling Windows updates, disabling TR-069 would be a massive mistake from a security perspective.  

 

The great aspect of TR-069 is that it improves the issue of end user security literally ten-fold. There are so many users with 3rd party routers that have been subjected to security exploits in recent times, and many of those people would be completely unaware of the issue. Own a late model Linksys router? They were all pwn3d last month. Own a Belkin? They've been pwn3d too. Own a D-link? They're been pwn3d too.

 

By being able to manage CPE if Spark, Vodafone, 2degrees or any RSP that uses TR-069 have critical issues with their CPE they're able to push updates out to mitigate the risk. If you own 3rd party CPE you're on your own.

 

 

 

 

Not to mention people like this "security expert" buying a new router, loading some openwrt variant and then not configuring the firewall and getting smashed by DNS bots and the like. But then again, thats probably "all the ISPs fault" and their rubbish network.

 

Had an "IT guy" tell me exactly that recently, he couldn't understand why his connection was so slow after he removed our router and installed his own $800 cisco beast and didn't understand what an ACL was!! It was then, of course, Cisco's fault because "how crazy are they sending out routers like this?!". Our $100 Mikrotik went right back in place haha.

 

 

 

Just because a router is cheap doesn't automatically make it rubbish. Get off your dam high horse!!


 
 
 
 


23003 posts

Uber Geek

Trusted
Subscriber

  #1790997 29-May-2017 11:07
3 people support this post
Send private message

Why is this being called a backdoor? Its a pretty clear feature of ISP managed hardware, not some nefarious service running on an obscure port that only answers to a hidden string or something. This is no back door.





Richard rich.ms

BDFL - Memuneh
65627 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #1790999 29-May-2017 11:09
6 people support this post
Send private message
5434 posts

Uber Geek


  #1791012 29-May-2017 11:30
Send private message

Back around 2008, noticed our ADSL had stopped working.  This persisted for about a week.

 

A call to Telecom revealed they had remotely-disabled our (Telecom supplied) D-link modem because it had been compromised and was being used in DDoS attacks.

 

So if the info given at the time was accurate, the ability was there back then.

 

 





Mike

733 posts

Ultimate Geek

Trusted

  #1791018 29-May-2017 11:45
One person supports this post
Send private message

MikeAqua:

Back around 2008, noticed our ADSL had stopped working.  This persisted for about a week.

 

A call to Telecom revealed they had remotely-disabled our (Telecom supplied) D-link modem because it had been compromised and was being used in DDoS attacks.

 

So if the info given at the time was accurate, the ability was there back then.

 

 

 

 

Just as likely they reset your authentication password and kicked you offline. Xtra historically use a different authentication record for this than for other services so it wouldn't disrupt (say) your email service to do this.




No signature to see here, move along...

1431 posts

Uber Geek


  #1791020 29-May-2017 11:47
Send private message

Yeah they have a quarantine IP range they put you in, so the intervention was most likely network level.

 

 

I don't think Spark actively use TR-069 to deliver firmware updates or for remote management and provisioning (they don't do RGW voice), unlike Vodafone, 2degrees and some other smaller players.

 
 
 
 


1569 posts

Uber Geek

Trusted

  #1791042 29-May-2017 12:16
Send private message

heres a screenshot of what the "remote management" aka backdoor looks like on the HG659 from spark

 

 

 






14664 posts

Uber Geek

Trusted
Subscriber

  #1791047 29-May-2017 12:29
Send private message

This reminds me I must do something about the backdoor 





Mike
Retired IT Manager. 
The views stated in my posts are my personal views and not that of any other organisation.

 

There is no planet B

 

 


612 posts

Ultimate Geek


  #1791049 29-May-2017 12:43
Send private message

The only time I have had an issue with this system was when I was with Snap..

 

The system kept trying to push out an update that would throw my router into a reboot cycle, I had to disconnect it from the net and delete their account.

 

But overall I see nothing wrong with it.

 

 

 

 


Lock him up!
11397 posts

Uber Geek

Lifetime subscriber

  #1791063 29-May-2017 13:01
Send private message

And ... what about this one? Maybe it is where the Herald stole got their information from?

 

 





I don't think there is ever a bad time to talk about how absurd war is, how old men make decisions and young people die. - George Clooney
 


28692 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  #1791084 29-May-2017 13:42
2 people support this post
Send private message

Rikkitic:

 

And ... what about this one? Maybe it is where the Herald stole got their information from?

 

 

 

 

Have you actually read that post? They looked at attacks on ACS *servers*, not the clients (ie your router).

 

 

 

 


5434 posts

Uber Geek


  #1791089 29-May-2017 13:53
Send private message

BlakJak:
MikeAqua:

 

Back around 2008, noticed our ADSL had stopped working.  This persisted for about a week.

 

A call to Telecom revealed they had remotely-disabled our (Telecom supplied) D-link modem because it had been compromised and was being used in DDoS attacks.

 

So if the info given at the time was accurate, the ability was there back then.

 

 

Just as likely they reset your authentication password and kicked you offline. Xtra historically use a different authentication record for this than for other services so it wouldn't disrupt (say) your email service to do this.

 

Quite possibly. But we weren't getting log in errors or anything like that.

 

I assumed on good faith I was given the true story.  Perhaps they were "using complexity to confuse customers"laughing

 

After firmware update and background actions by the Tcom CSR all was well again.  I was a bit perplexed they made no attempt to contact us and let us know.  Just deny service and wait for the fault call yell

 

I provide my own routers now ...

 

 

 

 

 

 





Mike

Lock him up!
11397 posts

Uber Geek

Lifetime subscriber

  #1791099 29-May-2017 14:10
Send private message

sbiddle:

 

Rikkitic:

 

And ... what about this one? Maybe it is where the Herald stole got their information from?

 

 

Have you actually read that post? They looked at attacks on ACS *servers*, not the clients (ie your router).

 

 

I read some of it. Admittedly not all. My bad.

 

 

 

 

 

 





I don't think there is ever a bad time to talk about how absurd war is, how old men make decisions and young people die. - George Clooney
 


'That VDSL Cat'
11708 posts

Uber Geek

Trusted
Spark
Subscriber

  #1791151 29-May-2017 15:08
Send private message

Currently spark use the motive platform, as do most large RSP's who provide Huawei devices.

 

 

 

I can clearly speak from the spark position of things where strict rules are in-place for use of the remote management.

 

This comes down to everything must be documented, Reports are ran on usage on remote management.

 

 

 

For the most part, this system is actually extremely limited, designed to give a rep just enough power to check settings, maybe push a change or two to the wifi networks.

 

 

 

Generally support path for any modem changes are, the customer makes the change themselves, or gives permission to make said changes.

 

 

 

Personally, remote management is a massive tool in the kit, in my own usage i don't use the tool as much as i /could/ as i don't really see it having /enough/ access to the more difficult of situations (Classic one being, the Physical wifi button on the modem, Customer accidentally presses this... there is no remote management that will resolve this, Customer has made a point of changing something so they need to resolve it.)

 

 

 

Remote management tasks such as a full fresh configuration being pushed out (aka a reset) must be done with full permission from the customer with risks explained.

 

Personally i reset maybe 2 modems max in a month, Generally far less because it simply is not required.

 

99% of the time, this is done by the customer physically accepting the risks and pressing the buttons, However before even considering this i will give the device check, Have they allocated any internal static ips, Opened a port, changed the wifi name. These are all red flags to say hey There are some customized settings in your modem, are you absolutely sure it is okay to remove them or are we best backing up the settings first.

 

 

 

If anyone has any genuine security concerns about remote management and their spark devices, feel free to raise it. Assuming it is something i can explain I'll gladly explain that angle.

 

as others have said, TR-069 is nothing new, it can be powerful but is deliberately boxed within a closed point so that there can be no risk of harm.





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.


1 | 2 | 3 | 4 | 5 | 6
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

New Vodafone mobile data plans with unlimited data
Posted 26-Feb-2020 06:55


Vodafone launches innovation initiatives to help businesses use 5G
Posted 26-Feb-2020 05:00


Ultimate Ears HYPERBOOM brings massive sound and extreme bass
Posted 25-Feb-2020 09:00


Withings launches three new devices to help monitor heart health from home
Posted 13-Feb-2020 20:05


Auckland start-up Yourcar matches new car buyers with dealerships
Posted 13-Feb-2020 18:05


School gardens go high tech to teach kids the importance of technology
Posted 13-Feb-2020 11:10


Malwarebytes finds Mac threats outpace Windows for the first time
Posted 13-Feb-2020 08:01


Amazon launches Echo Show 8 in Australia and New Zealand
Posted 8-Feb-2020 20:36


Vodafone New Zealand starts two year partnership with LetsPlay.Live
Posted 28-Jan-2020 11:24


Ring launches indoor-only security camera
Posted 23-Jan-2020 17:26


New report findings will help schools implement the digital technologies curriculum content
Posted 23-Jan-2020 17:25


N4L to upgrade & support wireless internet inside schools
Posted 23-Jan-2020 17:22


Netflix releases 21 Studio Ghibli works
Posted 22-Jan-2020 11:42


Vodafone integrates eSIM into device and wearable roadmap
Posted 17-Jan-2020 09:45


Do you need this camera app? Group investigates privacy implications
Posted 16-Jan-2020 03:30



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.