

814 posts

Ultimate Geek
+1 received by user: 1

Trusted
Subscriber

Topic # 238256 9-Jul-2018 14:46

I am wondering if anyone else has experienced the following issue on 2Degrees home phone plus.

 

Toll calls have been made from my phone to France from Saturday morning until early Monday morning. The calls are short and I have been charged $5 each time. Totalling just over $400.

 

The strange thing is that no one in this house has ever made a call to France.

 

I received a text message from 2degrees at 9am this morning. They advised there had been high toll call usage and wanted to check if these were genuine.

 

I called 2degrees and advised they were not genuine. Only to be told that I will still have to pay the toll charges. As the calls were made from my account.

 

I have spoken to a supervisor who will talk to accounts.

 

I really would have thought there would be a system in place to detect abnormal usage. With a toll bar applied until confirmation is received from the user.

 

The explanation from 2degrees is that someone has used a brute force method to gain access to the modem. Via remote access. They have factory reset the modem. This will supposedly prevent any further charges. I find this a bit hard to believe. Although I have a toll bar in place now.

 

Does this sound familiar to anyone? 


3615 posts

Uber Geek
+1 received by user: 2002

Trusted
Lifetime subscriber

  Reply # 2052062 9-Jul-2018 14:58

Are you using 2Degrees provided hardware / modem or 3rd party?

 

John





Ex JohnR VodafoneNZ 17 years 4 days



814 posts

Ultimate Geek
+1 received by user: 1

Trusted
Subscriber

  Reply # 2052069 9-Jul-2018 15:02

Hi John

I am using the 2degrees supplied and configured fritzbox.

3315 posts

Uber Geek
+1 received by user: 889


  Reply # 2052079 9-Jul-2018 15:24

mattRSK:

 

The calls are short and I have been charged $5 each time. Totalling just over $400.

 

 

So I'm assuming that they are to "premium" services - it does sound like you may have been compromised somewhere along the line.

 

Do any other apps/devices have access to the outgoing number?


4529 posts

Uber Geek
+1 received by user: 2022

Trusted
Subscriber

  Reply # 2052084 9-Jul-2018 15:38

mattRSK:

 

I really would have thought there would be a system in place to detect abnormal usage.

 

 

 

 

Not that I am unsympathetic about fraud, but you said you received a text advising of abnormal usage, so, it looks like there is (and in fact there is such a fraud management system on the mobile side of the business too; possibly even the same system), and hooray for you that you found out the next day instead of on your bill after it was $40,000 instead of $400.

 

In regards to toll bars being put in place until a subscriber confirms, well, it's not my system, but I can tell you that in general you can please some of the people some of the time, but not all of the people any of the time. If by default a toll bar was in place until people asked for it to be removed, you'd have people complaining that it was outrageous they had to call up and get the toll bar removed, and why didn't <provider> allow them to just do it because it's 2018 and it's a global world etc etc.?

 

What you could probably do is ask them to lock down the account so that it can only be logged into from your port, or at least from within the 2degrees network. That will greatly reduce the chances that some internet random will guess your SIP credentials in future.





iPad Air + iPhone SE + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.
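
Added example, not part of the thread and not 2degrees' fraud system: a sketch of the kind of usage rule discussed in the posts above, run over constructed call records shaped like the ones the original poster describes (short $5 calls to France over a weekend). The thresholds, the prefix table and the record layout are assumptions made for the illustration.

```python
from datetime import datetime, timedelta

# Constructed sample CDRs (not real data): (start time, dialled number, seconds, charge NZD).
HISTORY = [  # the account's normal calling pattern
    (datetime(2018, 6, 20, 18, 5), "+6445550100", 340, 0.0),
    (datetime(2018, 6, 27, 19, 30), "+61255501234", 610, 1.2),
]
WEEKEND = [  # short calls to a country never dialled before, $5 each
    (datetime(2018, 7, 7, 6, 0) + timedelta(minutes=30 * i), "+33155500000", 20, 5.0)
    for i in range(80)
]

def country(number, prefixes=("+64", "+61", "+33", "+44", "+1")):
    """Map a dialled E.164 number to a country prefix (tiny illustrative table)."""
    return next((p for p in prefixes if number.startswith(p)), "other")

def first_alert(history, calls, window=timedelta(hours=6), max_calls=5, max_spend=20.0):
    """Return (alert_time, spend_so_far) when calls to a destination country
    absent from the account's history exceed either threshold within the window,
    or None if the traffic never trips the rule. Thresholds are assumed values."""
    known = {country(n) for _, n, _, _ in history}
    recent = []  # (time, charge) of calls to previously unseen countries
    spent = 0.0
    for start, number, _secs, charge in sorted(calls):
        spent += charge
        if country(number) in known:
            continue
        recent.append((start, charge))
        recent = [(t, c) for t, c in recent if start - t <= window]
        if len(recent) > max_calls or sum(c for _, c in recent) > max_spend:
            return start, spent
    return None

def charges_avoided(history, calls, **kw):
    """Total charge of calls that a toll bar applied at the alert would have blocked."""
    alert = first_alert(history, calls, **kw)
    if alert is None:
        return 0.0
    return sum(c for t, _, _, c in calls if t > alert[0])
```

On the constructed weekend traffic the rule trips on the fifth call, after $25 of the $400 total; a toll bar applied at that point, pending confirmation from the account holder, would block the rest.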


3561 posts

Uber Geek
+1 received by user: 1307

Subscriber

  Reply # 2052095 9-Jul-2018 15:55
9 people support this post

Sounds like this is 100% on two degrees to credit back and fix properly.

I would say different if it was a customer configuration that got hacked. But the whole point of managing voice service is so you can control the security too.

26949 posts

Uber Geek
+1 received by user: 6391

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 2052098 9-Jul-2018 16:06
One person supports this post

SaltyNZ:

 

What you could probably do is ask them to lock down the account so that it can only be logged into from your port, or at least from within the 2degrees network. That will greatly reduce the chances that some internet random will guess your SIP credentials in future.

 

 

The last time this happened to people it was the Fritzbox that was compromised not somebody brute forcing SIP credentials.

 

 




814 posts

Ultimate Geek
+1 received by user: 1

Trusted
Subscriber

  Reply # 2052100 9-Jul-2018 16:07
One person supports this post

Thanks for your responses. 

 

I guess where I am coming from is that I now have an additional $400 expense, through no fault of my own. Simply by having a connected phone line I am at risk of these charges. There is nothing I could have done differently to avoid these charges.


'That VDSL Cat'
8451 posts

Uber Geek
+1 received by user: 1817

Trusted
Spark
Subscriber

  Reply # 2052101 9-Jul-2018 16:11

sbiddle:

 

SaltyNZ:

 

What you could probably do is ask them to lock down the account so that it can only be logged into from your port, or at least from within the 2degrees network. That will greatly reduce the chances that some internet random will guess your SIP credentials in future.

 

 

The last time this happened to people it was the Fritzbox that was compromised not somebody brute forcing SIP credentials.

 

 

 

 

Thought they patched this?

 

 

 

@OP is your fritzbox up to date?





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.




814 posts

Ultimate Geek
+1 received by user: 1

Trusted
Subscriber

  Reply # 2052104 9-Jul-2018 16:24

hio77:

 

sbiddle:

 

SaltyNZ:

 

What you could probably do is ask them to lock down the account so that it can only be logged into from your port, or at least from within the 2degrees network. That will greatly reduce the chances that some internet random will guess your SIP credentials in future.

 

 

The last time this happened to people it was the Fritzbox that was compromised not somebody brute forcing SIP credentials.

 

 

 

 

Thought they patched this?

 

 

 

@OP is your fritzbox up to date?

 

 

 

 

I have Fritz!OS 06.52. I've just checked and 06.84 is available. Trouble is 2degrees do not provide information on which OS it should be. 

 

A replacement Fritzbox was sent out last year from 2degrees, I am not sure why though.


3008 posts

Uber Geek
+1 received by user: 737


  Reply # 2052107 9-Jul-2018 16:26

Here's a thread on a similar issue back when 2 Degrees was Snap; I got 'hacked' twice, but didn't have to pay either time (and damn well shouldn't have had to, given where the fault lay).

 

https://www.geekzone.co.nz/forums.asp?forumid=85&topicid=148602&singlepage=yes


5044 posts

Uber Geek
+1 received by user: 1618


  Reply # 2052108 9-Jul-2018 16:30
One person supports this post

An old thread from Snap days https://www.geekzone.co.nz/forums.asp?forumid=85&topicid=148602

 

It mentions unusual log entries on the Fritz prior to the calls - may pay to check if you are seeing something similar.

 

EDIT: Doh - beaten to it by @jonathan18




814 posts

Ultimate Geek
+1 received by user: 1

Trusted
Subscriber

  Reply # 2052109 9-Jul-2018 16:31

jonathan18:

 

Here's a thread on a similar issue back when 2 Degrees was Snap; I got 'hacked' twice, but didn't have to pay either time (and damn well shouldn't have had to, given where the fault lay).

 

https://www.geekzone.co.nz/forums.asp?forumid=85&topicid=148602&singlepage=yes

 

 

 

 

Now I wish I had checked the log before the factory reset. Reading that thread it seems that the same problem still exists.


1241 posts

Uber Geek
+1 received by user: 282


  Reply # 2052140 9-Jul-2018 17:44

I wonder if they provision ONT voice on request?

4529 posts

Uber Geek
+1 received by user: 2022

Trusted
Subscriber

  Reply # 2052390 10-Jul-2018 08:48

sbiddle:

 

SaltyNZ:

 

What you could probably do is ask them to lock down the account so that it can only be logged into from your port, or at least from within the 2degrees network. That will greatly reduce the chances that some internet random will guess your SIP credentials in future.

 

 

The last time this happened to people it was the Fritzbox that was compromised not somebody brute forcing SIP credentials.

 

 

 

 

 

 

Ah, yes, not a lot you can do about that...





iPad Air + iPhone SE + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.


309 posts

Ultimate Geek
+1 received by user: 69


  Reply # 2052505 10-Jul-2018 10:57

SaltyNZ:

 

What you could probably do is ask them to lock down the account so that it can only be logged into from your port, or at least from within the 2degrees network. That will greatly reduce the chances that some internet random will guess your SIP credentials in future.

 

 

LOL seriously would a VOIP provider operate open SIP without an SBC with no brute force protection? I hope not.

