Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


814 posts

Ultimate Geek
+1 received by user: 1

Trusted
Subscriber

Topic # 238256 9-Jul-2018 14:46
Send private message quote this post

I am wondering if anyone else has experienced the following issue on 2Degrees home phone plus.

 

Toll calls have been made from my phone to France from Saturday morning until early Monday morning. The calls are short and I have been charged $5 each time. Totalling just over $400.

 

The strange thing is that no one in this house has ever made a call to France.

 

I received a text message from 2degrees at 9am this morning. They advised there had been high toll call usage and wanted to check if these were genuine.

 

I called 2degrees and advised they were not genuine. Only to be told that I will still have to pay the toll charges. As the calls were made from my account.

 

I have spoken to a supervisor who will talk to accounts.

 

I really would have thought there would be a system in place to detect abnormal usage. With a toll bar applied until confirmation is received from the user.

 

The explanation from 2degrees is that someone has used a brute force method to gain access to the modem. Via remote access. They have factory reset the modem. This will supposedly prevent any further charges. I find this a bit hard to believe. Although I have a toll bar in place now.

 

Does this sound familiar to anyone? 


Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
3195 posts

Uber Geek
+1 received by user: 1792

Trusted
Lifetime subscriber

  Reply # 2052062 9-Jul-2018 14:58
Send private message quote this post

Are you using 2Degrees provided hardware / modem or 3rd party?

 

John





Ex JohnR VodafoneNZ 17 years 4 days



814 posts

Ultimate Geek
+1 received by user: 1

Trusted
Subscriber

  Reply # 2052069 9-Jul-2018 15:02
Send private message quote this post

Hi John

I am using the 2degrees supplied and configured fritzbox.

3154 posts

Uber Geek
+1 received by user: 798


  Reply # 2052079 9-Jul-2018 15:24
Send private message quote this post

mattRSK:

 

The calls are short and I have been charged $5 each time. Totalling just over $400.

 

 

So I'm assuming that they are to "premium" services, - it does sound like you may have been compromised somewhere along the line,

 

Do any other apps/devices have access to the outgoing number,  


4419 posts

Uber Geek
+1 received by user: 1929

Trusted
Subscriber

  Reply # 2052084 9-Jul-2018 15:38
Send private message quote this post

mattRSK:

 

I really would have thought there would be a system in place to detect abnormal usage.

 

 

 

 

Not that I am unsympathetic about fraud, but you said you received a text advising of abnormal usage, so, it looks like there is (and in fact there is such a fraud management system on the mobile side of the business too; possibly even the same system), and hooray for you that you found out the next day instead of on your bill after it was $40,000 instead of $400.

 

In regards to toll bars being put in place until a subscriber confirms, well, it's not my system, but I can tell you that in general you can please some of the people some of the time, but not all of the people any of the time. If by default a toll bar was in place until people asked for it to be removed, you'd have people complaining that it was outrageous they had to call up and get the toll bar removed, and why didn't <provider> allow them to just do it because it's 2018 and it's a global world etc etc.?

 

What you could probably do is ask them to lock down the account so that it can only be logged into from your port, or at least from within the 2degrees network. That will greatly reduce the chances that some internet random will guess your SIP credentials in future.





iPad Air + iPhone SE + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.


3474 posts

Uber Geek
+1 received by user: 1250

Subscriber

  Reply # 2052095 9-Jul-2018 15:55
9 people support this post
Send private message quote this post

Sounds like this is 100% on two degrees to credit back and fix properly.

I would say different if it was a customer configuration that got hacked. But the whole point of managing voice service is so you can control the security too.

26609 posts

Uber Geek
+1 received by user: 6101

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 2052098 9-Jul-2018 16:06
One person supports this post
Send private message quote this post

SaltyNZ:

 

What you could probably do is ask them to lock down the account so that it can only be logged into from your port, or at least from within the 2degrees network. That will greatly reduce the chances that some internet random will guess your SIP credentials in future.

 

 

The last time this happened to people it was the Fritzbox that was compromised not somebody brute forcing SIP credentials.

 

 




814 posts

Ultimate Geek
+1 received by user: 1

Trusted
Subscriber

  Reply # 2052100 9-Jul-2018 16:07
One person supports this post
Send private message quote this post

Thanks for your responses. 

 

I guess where I am coming from is that I now have an additional $400 expense, through no fault of my own. Simply by having a connected phone line I am at risk of these charges. There is nothing I could have done differently to avoid these charges.


'That VDSL Cat'
8100 posts

Uber Geek
+1 received by user: 1693

Trusted
Spark
Subscriber

  Reply # 2052101 9-Jul-2018 16:11
Send private message quote this post

sbiddle:

 

SaltyNZ:

 

What you could probably do is ask them to lock down the account so that it can only be logged into from your port, or at least from within the 2degrees network. That will greatly reduce the chances that some internet random will guess your SIP credentials in future.

 

 

The last time this happened to people it was the Fritzbox that was compromised not somebody brute forcing SIP credentials.

 

 

 

 

Thought they patched this?

 

 

 

@OP is your fritzbox up to date?





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.




814 posts

Ultimate Geek
+1 received by user: 1

Trusted
Subscriber

  Reply # 2052104 9-Jul-2018 16:24
Send private message quote this post

hio77:

 

sbiddle:

 

SaltyNZ:

 

What you could probably do is ask them to lock down the account so that it can only be logged into from your port, or at least from within the 2degrees network. That will greatly reduce the chances that some internet random will guess your SIP credentials in future.

 

 

The last time this happened to people it was the Fritzbox that was compromised not somebody brute forcing SIP credentials.

 

 

 

 

Thought they patched this?

 

 

 

@OP is your fritzbox up to date?

 

 

 

 

I have Fritz!OS 06.52. I've just checked and 06.84 is available. Trouble is 2degrees do not provide information on which OS it should be. 

 

A replacement Fritzbox was sent out last year from 2degrees, I am not sure why though.


2924 posts

Uber Geek
+1 received by user: 713


  Reply # 2052107 9-Jul-2018 16:26
Send private message quote this post

Here's a thread on a similar issue back when 2 Degrees was Snap; I got 'hacked' twice, but didn't have to pay either time (and damn well shouldn't have had to, given where the fault lay).

 

https://www.geekzone.co.nz/forums.asp?forumid=85&topicid=148602&singlepage=yes


4903 posts

Uber Geek
+1 received by user: 1537


  Reply # 2052108 9-Jul-2018 16:30
One person supports this post
Send private message quote this post

An old thread from Snap days https://www.geekzone.co.nz/forums.asp?forumid=85&topicid=148602

 

It mentions unusual log entries on the Fritz prior to the calls - may pay to check if you are seeing something similar.

 

EDIT: Doh - beaten to it by @jonathan18




814 posts

Ultimate Geek
+1 received by user: 1

Trusted
Subscriber

  Reply # 2052109 9-Jul-2018 16:31
Send private message quote this post

jonathan18:

 

Here's a thread on a similar issue back when 2 Degrees was Snap; I got 'hacked' twice, but didn't have to pay either time (and damn well shouldn't have had to, given where the fault lay).

 

https://www.geekzone.co.nz/forums.asp?forumid=85&topicid=148602&singlepage=yes

 

 

 

 

Now I wish I had checked the log before the factory reset. Reading that thread it seems that the same problem still exists.


1216 posts

Uber Geek
+1 received by user: 273


  Reply # 2052140 9-Jul-2018 17:44
Send private message quote this post

I wonder if they provision ONT voice on request?

4419 posts

Uber Geek
+1 received by user: 1929

Trusted
Subscriber

  Reply # 2052390 10-Jul-2018 08:48
Send private message quote this post

sbiddle:

 

SaltyNZ:

 

What you could probably do is ask them to lock down the account so that it can only be logged into from your port, or at least from within the 2degrees network. That will greatly reduce the chances that some internet random will guess your SIP credentials in future.

 

 

The last time this happened to people it was the Fritzbox that was compromised not somebody brute forcing SIP credentials.

 

 

 

 

 

 

Ah, yes, not a lot you can do about that...





iPad Air + iPhone SE + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.


268 posts

Ultimate Geek
+1 received by user: 54


  Reply # 2052505 10-Jul-2018 10:57
Send private message quote this post

SaltyNZ:

 

What you could probably do is ask them to lock down the account so that it can only be logged into from your port, or at least from within the 2degrees network. That will greatly reduce the chances that some internet random will guess your SIP credentials in future.

 

 

LOL seriously would a VOIP provider operate open SIP without an SBC with no brute force protection? I hope not.


 1 | 2
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Microsoft Dynamics 365 Business Central launches
Posted 10-Jul-2018 10:40


Spark completes first milestone in voice platform upgrade
Posted 10-Jul-2018 09:36


Microsoft ices heated developers
Posted 6-Jul-2018 20:16


PB Technologies charged for its extended warranties and warned for bait advertising
Posted 3-Jul-2018 15:45


Almost 20,000 people claim credits from Spark
Posted 29-Jun-2018 10:40


Cove sells NZ's first insurance policy via chatbot
Posted 25-Jun-2018 10:04


N4L helping TAKA Trust bridge the digital divide for Lower Hutt students
Posted 18-Jun-2018 13:08


Winners Announced for 2018 CIO Awards
Posted 18-Jun-2018 13:03


Logitech Rally sets new standard for USB-connected video conference cameras
Posted 18-Jun-2018 09:27


Russell Stanners steps down as Vodafone NZ CEO
Posted 12-Jun-2018 09:13


Intergen recognised as 2018 Microsoft Country Partner of the Year for New Zealand
Posted 12-Jun-2018 08:00


Finalists Announced For Microsoft NZ Partner Awards
Posted 6-Jun-2018 15:12


Vocus Group and Vodafone announce joint venture to accelerate fibre innovation
Posted 5-Jun-2018 10:52


Kogan.com to launch Kogan Mobile in New Zealand
Posted 4-Jun-2018 14:34


Enable doubles fibre broadband speeds for its most popular wholesale service in Christchurch
Posted 2-Jun-2018 20:07



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.