pdos
Active Member
There seems to be a major security hole in the way ADSL routers are installed on customer premises.
The router is shipped with a standard, well-known user ID and password. (AND INSTALLED LIKE THIS WITHOUT CHANGE)
I have snooped around on the Telkom ADSL subnet and found that I could log on to other customers' ADSL routers. If I was malicious I could have changed their settings or brought down their network. I could quickly and easily write a script to discover all the routers, log on and make changes.
What should happen is that when Telkom install the routers they should customise the root password and possibly put it on a sticker on the underside of the router modem.
I have spoken to Telkom who proved to be completely uncaring and unresponsive - 'customer responsibility' was their mantra. But the average small business that buys this service cannot be expected to have this expertise.
So my last resort is to publicise this security loophole.