Attention Telkom ADSL Users.

P

PaulB_ZA

Active Member
Joined
Jun 30, 2011
Messages
51
Reaction score
0
Location
New Zealand
Hi,

I was speaking to a friend of mine, in CT.

He told me, about that he can hack into people's ADSL modems, and get their ADSL passwords, using Angry IP Scanner.

I doubted what he told me, but one day I was bored, and decided to try it for myself. Took me quite a while, to find the correct IP ranges, and get the correct settings for it to scan. However, once I had found the correct ranges. I found about over 100 devices, many of which I could gain access into their modems by just using the admin/admin password sequence. I only let it scan for about 10 minutes, before terminating it, becuase I had found what I was looking for, and I wasn't there, to hack peoples modems, only just to see if it actually worked. This has made me disgusted by Telkom. How can they provide ADSL modems to their customers, with that big vulnerability? Getting into peoples modem settings, may not be that big of a deal, however the stuff you can change, is just like sitting inside an internal LAN.

Please note, this may be the same for other ADSL provides, but I haven't tried it for other SA providers.

Why does Telkom do this, if that happened in NZ, the providers would be sued till the cows come home.
 
All modems come with admin/admin or admin/password at default. The manual would tell you to change asap. If you leave this at factory defaults you are a moron who obviously worships Steve Jobs.
 
most modems / routers come with a default password its up to the owner to change that default password for
their own protection so don't blame telkom its the idiots that are not wise enough to use the equipment and
don't bother reading the manual!!!
 
Hi,

The problem isn't just with the admin/admin password sequence.

It's the fact that Telkom leave remote admin on, which allows people from outside the network, to gain access to their modem using the admin/admin password. If it wasn't for the Remote Admin, I don't think changing the default password would be that much of a big deal. Telkom could always instruct the firmware, to disable remode admin by default. Instead the keep it on.
 
Your argument comes falls under the auspices of RULE: 34



but anyway... The truth is... the weak link in any security system has always been the user and the PIN/PASSWORD.

1) How many alarm codes are still set to the default 1-2-3-4-#??? Then people moan. I think installers need to insist that the owner changes PINs there and then.
2) All modems have the default user/pass... THE USER MUST CHANGE IT ASAP!
3) How many people run around with GUEST accounts still active on their WINDOWS and on their MODEMS? guest accounts have admin rights by default... LOL!
4) How many people have their credit card PIN as their birth date? Yes... there are other people besides you who have thought of doing it!
5) How many people use the same password for FaceBook as their email accounts, DSL accounts, iTunes accounts... these forums accounts?
6) How many people leave "Remember Password" checked?

When you line all the stupid security measures up like I have just done you realise how silly some people still are with regard to internet security... unfortunately... the number is FAR GREATER than you think.

For Pete sake's people... USE YOUR BRAINS!
 
From Telkom Support http://www.telkom.co.za/products_services/dsl/support_dsl_modem.html

To ensure that your Internet access is secured from intrusions the following steps are advisable.

1. Regularly change the default Password of the ADSL modem/Router
2. Ensure that Wireless encryption is always turned ON.
3. Change the default SSID
4. Change the default encryption key
5. Enable MAC Address Filtering
6. Disable the broadcasting of the SSID
7. Enable Firewalls On Each Computer and the Wireless ADSL modem/Router
8. Turn off the Wireless portion if not used

Instructions regarding the above security measures are published in the user guides for the Telkom supplied modems.
Click to expand...

I'd say that Telkom have tried their best to overcome the idiot factor.
 
This is so old...but I guess the average user this is news to doesn't read MyADSL either. You remember those spates of ADSL accounts being "stolen"? ohhi

Scan IPs,check port 80/8080 being open,poke at it
 
OverKill69 said:
Your argument comes falls under the auspices of RULE: 34



but anyway... The truth is... the weak link in any security system has always been the user and the PIN/PASSWORD.

1) How many alarm codes are still set to the default 1-2-3-4-#??? Then people moan. I think installers need to insist that the owner changes PINs there and then.
2) All modems have the default user/pass... THE USER MUST CHANGE IT ASAP!
3) How many people run around with GUEST accounts still active on their WINDOWS and on their MODEMS? guest accounts have admin rights by default... LOL!
4) How many people have their credit card PIN as their birth date? Yes... there are other people besides you who have thought of doing it!
5) How many people use the same password for FaceBook as their email accounts, DSL accounts, iTunes accounts... these forums accounts?
6) How many people leave "Remember Password" checked?

When you line all the stupid security measures up like I have just done you realise how silly some people still are with regard to internet security... unfortunately... the number is FAR GREATER than you think.

For Pete sake's people... USE YOUR BRAINS!
Click to expand...

+10000
 
dadiggle said:
Your router password is your account password. Everyone got his own so it wont be the default password.
Click to expand...

When was the last time you installed a router bought from a Telkom front office.

All routers they sell has the standerd admin/admin username and password. You have to change it yourself. So if your router has your account password on it it had to be done by whoever installed it for you and changed it at the time of installation.
 
People are too lazy to do the necessary, thinking that it will never happen to them.

Until a leecher happens...
 
PaulB_ZA said:
Hi,

I was speaking to a friend of mine, in CT.

He told me, about that he can hack into people's ADSL modems, and get their ADSL passwords, using Angry IP Scanner.

I doubted what he told me, but one day I was bored, and decided to try it for myself. Took me quite a while, to find the correct IP ranges, and get the correct settings for it to scan. However, once I had found the correct ranges. I found about over 100 devices, many of which I could gain access into their modems by just using the admin/admin password sequence. I only let it scan for about 10 minutes, before terminating it, becuase I had found what I was looking for, and I wasn't there, to hack peoples modems, only just to see if it actually worked. This has made me disgusted by Telkom. How can they provide ADSL modems to their customers, with that big vulnerability? Getting into peoples modem settings, may not be that big of a deal, however the stuff you can change, is just like sitting inside an internal LAN.

Please note, this may be the same for other ADSL provides, but I haven't tried it for other SA providers.

Why does Telkom do this, if that happened in NZ, the providers would be sued till the cows come home.
Click to expand...

Although almost all physical lines are provided by Telkom, they only provide modems for people using them as their ISP (Of which they are one of many) and people are free to use their own modems. They do *not* do any administration on the user side - if the user keeps the default passwords they have no one to blame but themselves. The services here are not as integrated as in NZ and as such neither is the accountability.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X