Telkom DLink dwr 730 hacked :(

Brawler

Honorary Master
Joined
May 23, 2006
Messages
11,472
So looks like my LTE wifi router was hacked. It's part of my Telkom integrated data package so I barely use it but still rather annoyed.

GF was house sitting in Pinelands and the house's WiFi was set to hidden network. Rather than buggering around with that I just thought she could use my LTE router. Same night it stopped working and when she reported it I just figured it was PEBCAK. Clearly it has happened here before hence the hidden network.

My LTE router wifi network had a 10 character WPA key with uppercase, lowercase and numbers. They got in to the network and obviously into the router control panel too, as they changed the SSID to 'HACKED' so now I'm locked out. Assholes.

Just a heads up and if someone knows how to resolve that would be good too. Factory reset?
 

Brawler

Honorary Master
Joined
May 23, 2006
Messages
11,472
Wouldn't that be the obvious thing to do if you're locked out?

Really not ideal as it was preconfigured with some Telkom APN or something. I kind of knew the answer but was more of a FYI. Didn't think WPA was so easy to hack.
 

Hamish McPanji

Honorary Master
Joined
Oct 29, 2009
Messages
42,084
Really not ideal as it was preconfigured with some Telkom APN or something. I kind of knew the answer but was more of a FYI. Didn't think WPA was so easy to hack.
APN for integrated is usually:

TelkomInternet

Always put your WiFi routers on WPA2 and AES
 

Topdoggdbn

Senior Member
Joined
Mar 24, 2009
Messages
734
Same happened a few weeks back. Factory reset, upgrade firmware.
Changed passwords when at home.
Came to work and hacked again.

My solution: modem in bin and SIM in dual SIM.
 

Gnome

Executive Member
Joined
Sep 19, 2005
Messages
7,208
Few things:

Hidden SSID is pointless from a security perspective
Your "hack" was almost certainly NOT through the wifi.
Instead someone "hacked" it from the internet side.

Need an example?
Cybersmart for example hand out routers for their Lightspeed Fiber product and set it up to allow remote access.
Random example: http://196.22.245.32/

I have no idea whose router that is but it has public access and it won't take long to get in.

Disable remote access and any kind of Telkom remote monitoring.

Finding these routers is super easy, once you know the CIDR you can write a script that finds the hosts and "hacks" it with a script.

Your router probably wasn't even "hacked" by a person, instead someone likely is running a script that is finding open routers, logging in and configuring the router all with a script.

my 2c.
 

Brawler

Honorary Master
Joined
May 23, 2006
Messages
11,472
Few things:

Hidden SSID is pointless from a security perspective
Your "hack" was almost certainly NOT through the wifi.
Instead someone "hacked" it from the internet side.

Need an example?
Cybersmart for example hand out routers for their Lightspeed Fiber product and set it up to allow remote access.
Random example: http://196.22.245.32/

I have no idea whose router that is but it has public access and it won't take long to get in.

Disable remote access and any kind of Telkom remote monitoring.

Finding these routers is super easy, once you know the CIDR you can write a script that finds the hosts and "hacks" it with a script.

Your router probably wasn't even "hacked" by a person, instead someone likely is running a script that is finding open routers, logging in and configuring the router all with a script.

my 2c.

thanks, good info.
 

PolarBearSA

Active Member
Joined
Mar 30, 2013
Messages
86
Disable WPS.

Most likely they brute forced the WPS Pin.

This has become the new thing, I have seen a few apps on the Play Store that allow a non-rooted device to brute-force the WPS out of a router. Then for those who like to mess about: root phone, install Kali and there you go.

Have heard a few stories of WPS being the downfall from a few people I know that leave it on by mistake and people have access to it.
 

Dizzle

Active Member
Joined
Nov 3, 2010
Messages
56
As the other posters mentioned:
Use WPA2 with AES
Disable WPS
Upgrade the firmware

Also do not hide SSID, even though it's hidden one can still easily find out what the SSID is.
Make sure you change the default login password.
Disable remote management of device.
Disable PnP
And check devices that connect to the router are not compromised.

One thing: hackers consistently scan network subnets; this causes you to lose some data, as the ISP measures it as incoming traffic on your router.
 

SauRoNZA

Honorary Master
Joined
Jul 6, 2010
Messages
47,847
Disable WPS.

Most likely they brute forced the WPS Pin.

No they didn't...read above.

This isn't even a "hack" at all.

It's a failure on Telkom's part using a default configuration with a known username and password that isn't randomized or protected in any way.

It's a simple case of something having the WAN IP (a known range) and using a known username/password to login.

There's no hack. It's just using openly available knowledge.

So the solution is...

Disable Remote WAN Access.

OR

Disable the Telkom Username and/or change the password.
 

Dizzle

Active Member
Joined
Nov 3, 2010
Messages
56
He has an LTE router, most probably a B315s. If I remember correctly it does not have the support/Telkom login.
 

Gnome

Executive Member
Joined
Sep 19, 2005
Messages
7,208
I just noticed I forgot to post two helpful links:

Get your WAN ip: https://www.whatismyip.com/
Paste IP into this tool and click scan: https://mxtoolbox.com/PortScan.aspx

Open ports 21, 22, 23, 80 and 443 are immediate red flags.
Any open ports IMO should be avoided however.
If remote access is a must choose a random port in the ephemeral range and ideally only open it up when you need to.

Scanning for ports accepting any of the above mentioned protocols can be scripted to execute pretty quickly (even for routers that blackhole).
But only a dedicated hacker would want to scan the ephemeral range (or a really bored hacker).
 

nemo415

Well-Known Member
Joined
May 22, 2011
Messages
478
No they didn't...read above.

This isn't even a "hack" at all.

It's a failure on Telkom's part using a default configuration with a known username and password that isn't randomized or protected in any way.

It's a simple case of something having the WAN IP (a known range) and using a known username/password to login.

There's no hack. It's just using openly available knowledge.

So the solution is...

Disable Remote WAN Access.

OR

Disable the Telkom Username and/or change the password.

But prior to accessing the config, you surely need to be on the network itself?

So my understanding is that the hacker first brute forced the WPS, gaining access to the network, then used the default username and pin to change the SSID.
 

SauRoNZA

Honorary Master
Joined
Jul 6, 2010
Messages
47,847
But prior to accessing the config, you surely need to be on the network itself?

So my understanding is that the hacker first brute forced the WPS, gaining access to the network, then used the default username and pin to change the SSID.

No. They connect from the Internet.

That’s most of the problem.
 