
Australia's Biggest Telco Sold Routers With Hardcoded Passwords

mask.of.sanity writes "Hardcoded usernames and passwords have been discovered in a recent line of Telstra broadband routers that allow attackers access to customer networks. The flaws meant customer unique passwords could be bypassed to access the device administrative console and LAN."
This discussion has been archived. No new comments can be posted.

  • Easy fix (Score:2, Interesting)

    by Artea ( 2527062 ) on Tuesday November 13, 2012 @12:14AM (#41964001)
    Chances are this is the remote admin password for easy customer service. The devices are probably just rebranded Netgears or Belkins. Flash the firmware from the vendor's support site, and clear off the Telstra "customer friendly" version of the firmware and this becomes a non-issue. I recall even manually adding a variable into the URL enabled "advanced mode" to change this stuff without flashing the firmware.
  • Re:Comcast routers (Score:4, Interesting)

    by ppanon ( 16583 ) on Tuesday November 13, 2012 @12:21AM (#41964047) Homepage Journal
    You think that a company that is going to hardcode the SSID/WPA password into firmware updates (instead of keeping your current settings) would go to the trouble of customizing a different firmware file for each user so that they can get a high security hardcoded default? Really?
  • by crafty.munchkin ( 1220528 ) on Tuesday November 13, 2012 @12:23AM (#41964063)
    Telstra are a notoriously dodgy company with a history of being idiots when it comes to customers' privacy and account security. Have a read of this [] for one of their latest privacy blunders...
  • by green1 ( 322787 ) on Tuesday November 13, 2012 @12:47AM (#41964211)

    I install ADSL service for a largish telco. I am always THRILLED when someone brings out a computer that isn't running Windows. The reason? Windows machines support our company's software install, which is mandatory, can't be skipped, and takes 15 mins+ to install the first time you open a browser. However, if you are using a Mac, or Linux, or various other devices, the software install fails right away, gives you a warning telling you that your system doesn't meet our minimum requirements, and then without further ado activates the connection so everything works. Net benefit is that it saves me 15+ minutes, and the customers are happier because they don't have 4 more programs installed on their desktop!

  • Re:Comcast routers (Score:5, Interesting)

    by WaffleMonster ( 969671 ) on Tuesday November 13, 2012 @01:41AM (#41964449)

    No one serious about security would use Comcast anyway.

    Like your choice of ISP magically changes the reality of Internet being a fully untrusted and untrustworthy network.

    Always assume your pipe is compromised and use end-to-end security if you care about the confidentiality and integrity of any data you transmit over the Internet.

    I don't know anyone in the tech field that uses them

    LOL I know of many network engineers who work for first and second tier operators who use Comcast at home.

    CenturyLink is so reliable that they own the market for professionals. I used Comcast for a while, but the 200+ msec ping made SSH unusable

    YMMV... my pings are about 30ms to Google and 20ms when using Comcast as a WAN link to our corporate office.

    like everyone else that needs a reliable connection, gave up on them years ago. They don't try and don't care.

    These comments are pointless. If you look for it there will always be someone saying megaco x is horrible because y happened or megaco a is great because b happened. Our personal experiences mean squat. You would be on better footing by citing the results of a customer satisfaction survey.

  • by johnjones ( 14274 ) on Tuesday November 13, 2012 @02:37AM (#41964721) Homepage Journal

    Are you serious?

    So you're telling me that I can screw your entire print service and DOS it by sending it a print job?

    Is this only over USB or networked as well?

    (This is not a bad solution to upgrade the firmware, but I bet they don't sign their firmware, only use a magic hexcode to initiate the upgrade.)



  • by dbIII ( 701233 ) on Tuesday November 13, 2012 @04:10AM (#41965045)

    So you're telling me that I can screw your entire print service and DOS it by sending it a print job?

    That sounds like HP all right. A simple nmap portscan kills their Jetdirect cat5 to parallel boxes dead. Not factory reset dead, but desolder a chip and replace it with a new one dead.
