Fraudulent Toll Charges

mattRSK:

I am wondering if anyone else has experienced the following issue on 2Degrees home phone plus.

Toll calls have been made from my phone to France from Saturday morning until early Monday morning. The calls are short and I have been charged $5 each time. Totalling just over $400.

The strange thing is that no one in this house has ever made a call to France.

I received a text message from 2degrees at 9am this morning. They advised there had been high toll call usage and wanted to check if these were genuine.

I called 2degrees and advised they were not genuine. Only to be told that I will still have to pay the toll charges. As the calls were made from my account.

I have spoken to a supervisor who will talk to accounts.

I really would have thought there would be a system in place to detect abnormal usage. With a toll bar applied until confirmation is received from the user.

The explanation from 2degrees is that someone has used a brute force method to gain access to the modem. Via remote access. They have factory reset the modem. This will supposedly prevent any further charges. I find this a bit hard to believe. Although I have a toll bar in place now.

Does this sound familiar to anyone?

Hi Matt,

I've done a bit of digging on this and thought I'd chime in. As per above, it was a brute force attack on the remote access feature of the fritzbox that enabled the individual to gain access to the box. This has been resolved by a factory reset to wipe all accounts and restore service. The version of firmware stated in this thread is not open to any specific known vulnerabilities. In this case it appears to be a soft password setup for remote access which was the culprit. Due to the factory reset, post-mortem is no longer possible.

In terms of firmware - All firmware that is available via the update feature on the fritzbox should be installed, it's been regression tested by 2degrees and therefore made available to customers for consumption. Periodically 2degrees also do pushes of firmware to devices to make sure they are running the latest and greatest using the TR69 protocol. This can take some time as there are many thousands of devices out there. You also miss people depending on devices being powered on, people moving houses etc. The current firmware version available is 6.84, more details on what's included is here - https://en.avm.de/service/

Some customers do change passwords for SIP via the 2degrees broadband portal (https://secure.2degreesbroadband.co.nz/login), other than setting the complexity 'rules' for a password, it's somewhat out of our control. We do however limit access to connect to the Metaswitch platform (Home plus) from the 2degrees network only. What this effectively means is that you need to 'gain access' on the local lan or via the fritzbox on the 2degrees network to make fraudulent calls.

There is also a bunch of early detection for fault type behavior in terms of monitoring spend/consumption of minutes/dollars. When this happens, Fraud Management systems are alerted and customers are notified accordingly.

It looks like Customer Care have been in contact with you, charges for this specific event removed.

Nick.

mattRSK

NickMack