Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Tens of thousands of broadband modems wide open to hijacking

Comments

  • Registered Users, Registered Users 2 Posts: 2,187 ✭✭✭ondafly


    Not the first time for Eir either !


  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    Le sigh.


  • Registered Users, Registered Users 2 Posts: 7,559 ✭✭✭plodder


    I use that modem. It's pretty annoying that they leave an open TCP port without telling you. What is the story though if you change the admin password? I presume most people would change that rather than leaving it as the default wifi password, which would be impossible to remember...

    Interesting that with the old Netopia modems the port was only accessible to specific IP addresses (assigned to Eircom's technical support).


  • Registered Users, Registered Users 2 Posts: 2,218 ✭✭✭MBSnr


    No mention of the F1000, but port 7547 is open as well. I've disabled TR-64 in the management interface. Will that stop it being vulnerable to this I wonder?

    EDIT: I read that TR-64 pulls the wifi password which is also the admin login. Since my admin login and wifi password are not the default, I'm guessing that may stop the SSH login.


  • Registered Users, Registered Users 2 Posts: 2,218 ✭✭✭MBSnr


    plodder wrote: »
    I use that modem. It's pretty annoying that they leave an open TCP port without telling you. What is the story though if you change the admin password? I presume most people would change that rather than leaving it as the default wifi password, which would be impossible to remember...

    Interesting that with the old Netopia modems the port was only accessible to specific IP addresses (assigned to Eircom's technical support).

    I tested my F1000 by connecting to it via SSH and using the original wifi password (which has been changed) and I got account lockout for 10 mins. So this is likely only to be an issue with modems that have all the defaults still set.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 817 ✭✭✭Quaderno


    Still developing, but it looks like the vulnerability in three of Eir's router models may have played a crucial role in taking down close to a million broadband customers in Germany over the last couple of days.

    https://comsecuris.com/blog/posts/were_900k_deutsche_telekom_routers_compromised_by_mirai/


  • Registered Users, Registered Users 2 Posts: 7,559 ✭✭✭plodder


    I see this finally made the news today. Coincidentally (or maybe not) my D1000 has been bricked since late last week. I wonder if the software update they tried to push failed somehow. Lucky I had a spare modem handy.


  • Registered Users, Registered Users 2 Posts: 700 ✭✭✭Happy_Harry


    So I got an email from eir this morning
    We became aware on 3rd December that your modem may have had unauthorised access. In addition, we received additional information from our modem supplier on 5th December and it is imperative that you reset your modem immediately.

    I would like to know what unauthorised access there was.. I didn't have default pw for admin nor for wifi. Any idea how I could have been affected ?

    Thankfully I have eir only as a back up and not sure I have connected to it for any longer periods of time lately .


  • Registered Users, Registered Users 2 Posts: 1,436 ✭✭✭AlanG


    Pretty poor performance from the eir representative on Morning Ireland this morning. This sort of thing is bound to happen if the companies retain backdoor access to the routers in customers homes.


  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    AlanG wrote: »
    Pretty poor performance from the eir representative on Morning Ireland this morning. This sort of thing is bound to happen if the companies retain backdoor access to the routers in customers homes.

    Its not a backdoor, its an advertised function that serves a legitimate purpose. Users want it. When average joe calls he wants to be told his password, not open a laptop, enter these numbers, enter this username, enter this password, go here, go there.


    This problem stems from poor systems management and/or using the cheapest vendor possible.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 7,559 ✭✭✭plodder


    ED E wrote: »
    Its not a backdoor, its an advertised function that serves a legitimate purpose. Users want it. When average joe calls he wants to be told his password, not open a laptop, enter these numbers, enter this username, enter this password, go here, go there.


    This problem stems from poor systems management and/or using the cheapest vendor possible.
    It seems quite reckless to have allowed access to that port from any IP address rather than a limited set of known ones owned by Eir technical support. I assume that was cost saving as well, as it was one less thing to customise by Zyxel for Eir.

    It was funny to hear the RTE reporter on the news last night trying to pronounce the word Zyxel. It looked like it was the first time he had ever seen it. :pac:


  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    Oh its a total configuration failure, but that doesnt mean CPE management is a bad thing.

    Haven't read the TR specs but IIRC 69 uses PK auth so the IP doesnt really matter as only the ISPs management units can connect. One would assume thats enabled for F1000(Zyxel) and F2000(Huawei).


  • Registered Users, Registered Users 2 Posts: 7,559 ✭✭✭plodder


    ED E wrote: »
    Oh its a total configuration failure, but that doesnt mean CPE management is a bad thing.
    Sure.
    Haven't read the TR specs but IIRC 69 uses PK auth so the IP doesnt really matter as only the ISPs management units can connect. One would assume thats enabled for F1000(Zyxel) and F2000(Huawei).
    Just took a quick look at it and there seems to be two levels of security. TLS/certificates and shared-secrets/passwords. TLS is recommended but not required. Managing certificates can be a headache, so I don't know whether they decided to rely on password level security. Maybe not, but there was definitely some problem that needed to be fixed.


Advertisement