Telkom DLink dwr 730 hacked :(

[Brawler]

So looks like my LTE wifi router was hacked. Its part of my telkom integrated data package so I barely use it but still rather annoyed.

GF was house sitting in Pinelands and the houses WiFi was set to hidden network. Rather than buggering around with that I just thought she could use my LTE router. Same night it stopped working and when she reported it I just figured it was PEBCAK. Clearly it has happened here before hence the hidden network.

My LTE router wifi network had a 10 character WPA key with uppercase, lowercase and numbers. They got in to the network and obviously into the router control panel to as they changed the SSID to 'HACKED' so now I'm locked out. Ass holes.

Just a heads up and if someone knows how to resolve that would be good too. Factory reset?

 

[Alton Turner Blackwood]

Factory reset?

Wouldn't that be the obvious thing to do if you're locked out?

 

[PsYTraNc3]

https://mybroadband.co.za/vb/showth...link-2750u-Hacked?highlight=telkom+dlink+hack

Check that thread, the same applies to the router you have and probably how they got in.
Same thing happened to a neighbor of mine.

 

[Brawler]

Wouldn't that be the obvious thing to do if you're locked out?

Really not ideal as it was preconfigured with some Telkom APN or something. I kind of knew the answer but was more of a FYI. Didn't think WPA was so easy to hack.

 

[Hamish McPanji]

Really not ideal as it was preconfigured with some Telkom APN or something. I kind of knew the answer but was more of a FYI. Didn't think WPA was so easy to hack.

Apn for integrated is usually:

TelkomInternet

Always put your WiFi routers on WPA2 and AES

 

[Brawler]

Apn for integrated is usually:

TelkomInternet

Shot. Will fiddle when I get home tonight.

 

[Topdoggdbn]

Same happened a few weeks back. factory reset, upgrade firmware.
Changed passwords when at home.
Came to work and hacked again.

My solution modem in bin and sim in dual sim

 

[Gnome]

Few things:

Hidden SSID is pointless from a security perspective
Your "hack" was almost certainly NOT through the wifi.
Instead someone "hacked" it from the internet side.

Need an example?
Cybersmart for example hand out routers for their Lightspeed Fiber product and set it up to allow remote access.
Random example: http://196.22.245.32/

I have no idea who's router that is but it has public access and it won't take long to get in.

Disable remote access and any kind of Telkom remote monitoring.

Finding these routers is super easy, once you know the CIDR you can write a script that finds the hosts and "hacks" it with a script.

Your router probably wasn't even "hacked" by a person, instead someone likely is running a script that is finding open routers, logging in and configuring the router all with a script.

my 2c.

 

[Brawler]

Few things:

Hidden SSID is pointless from a security perspective
Your "hack" was almost certainly NOT through the wifi.
Instead someone "hacked" it from the internet side.

Need an example?
Cybersmart for example hand out routers for their Lightspeed Fiber product and set it up to allow remote access.
Random example: http://196.22.245.32/

I have no idea who's router that is but it has public access and it won't take long to get in.

Disable remote access and any kind of Telkom remote monitoring.

Finding these routers is super easy, once you know the CIDR you can write a script that finds the hosts and "hacks" it with a script.

Your router probably wasn't even "hacked" by a person, instead someone likely is running a script that is finding open routers, logging in and configuring the router all with a script.

my 2c.

thanks, good info.

 

[nemo415]

Disable WPS.

Most likely they brute forced the WPS Pin.

 

[PolarBearSA]

Disable WPS.

Most likely they brute forced the WPS Pin.

This has become the new thing, I have seen a few apps on the playstore that allow a nonrooted device to bruteforce the WPS out of a router. Then for those who like to mess about root phone, install Kali and there you go.

Have heard a few stories of WPS being the downfall from a few people i know that leave it on by mistake and people have access to it.

 

[PolarBearSA]

Disable WPS.

Most likely they brute forced the WPS Pin.

This has become the new thing, I have seen a few apps on the playstore that allow a nonrooted device to bruteforce the WPS out of a router. Then for those who like to mess about root phone, install Kali and there you go.

Have heard a few stories of WPS being the downfall from a few people i know that leave it on by mistake and people have access to it.

 

[Dizzle]

As the other posters mentioned:
Use WPA2 with AES
Disable WPS
Upgrade the firmware

Also do not hide SSID, even though it's hidden one can still find out easy what the SSID is.
Make sure you change the default login password.
Disable remote management of device.
Disable PnP
And check devices that connect to the router are not compromised.

One thing hackers consistently scan Network Subnets, this cause you to loose some data as ISP measures it as income traffic on your router.

 

[SauRoNZA]

Disable WPS.

Most likely they brute forced the WPS Pin.

No they didn't...read above.

This isn't even a "hack" at all.

It's a failure on Telkom's part using a default configuration with a known username and password that isn't randomized or protected in any way.

It's a simple case of something having the WAN IP (a known range) and using a known username/password to login.

There's no hack. It's just using openly available knowledge.

So the solution is...

Disable Remote WAN Access.

OR

Disable the Telkom Username and/or change the password.

 

[Dizzle]

He has an LTE router, most probably a B315s. If I remember correctly it does not have the support/telkom login

 

[Gnome]

I just noticed I forgot to post two helpful links:

Get your WAN ip: https://www.whatismyip.com/
Paste IP into this tool and click scan: https://mxtoolbox.com/PortScan.aspx

Open ports 21, 22, 23, 80 and 443 are immediate red flags.
Any open ports IMO should be avoided however.
If remote access is a must choose a random port in the ephemeral range and ideally only open it up when you need to.

Scanning for ports accepting any of the above mentioned protocols can be scripted to execute pretty quickly (even for routers that blackhole)
But only a dedicated hacker would want to scan the ephemeral range (or really bored hacker)

 

[nemo415]

No they didn't...read above.

This isn't even a "hack" at all.

It's a failure on Telkom's part using a default configuration with a known username and password that isn't randomized or protected in any way.

It's a simple case of something having the WAN IP (a known range) and using a known username/password to login.

There's no hack. It's just using openly available knowledge.

So the solution is...

Disable Remote WAN Access.

OR

Disable the Telkom Username and/or change the password.

But prior to accessing the config, you surely need to be on the network itself?

So my understanding is that the hacker first brute forced the WPS, gaining access to the network, then used the default username and pin to change the ssid.

 

[SauRoNZA]

But prior to accessing the config, you surely need to be on the network itself?

So my understanding is that the hacker first brute forced the WPS, gaining access to the network, then used the default username and pin to change the ssid.

No. They connect from the Internet.

That’s most of the problem.