MyBroadband forum members recently discovered an exposed route on Rain’s network following a report of an abnormal SIM set-up by a Rain user.
A forum member stated that when setting up a friend’s router using a Rain Mobile SIM, he was presented with two login pages.
Both pages had 172.16.0.x addresses and displayed the following:
- Juniper Web Device Manager login page.
- Network Camera Real-Time Monitoring System login page.
Following his post, several forum members attempted to access the login pages using their Rain connections.
They stated that the first page appeared to be for a switch on the Rain network, which “should be hidden behind a firewall”.
The second page was a login page for a networked camera, which could reportedly be accessed using default login credentials.
After it was accessed, a screenshot of the camera feed was posted which showed what appears to be a portion of a data centre – a cage with server racks in it.
Temporary network route
MyBroadband contacted Rain about the issue, and the company responded immediately thanking us for the information. Shortly after this, Rain informed us the issue had been fixed.
Rain CEO Willem Roos stated that they recently moved offices and rationalised their data centres, which required the creation of a temporary network route.
“Our team unfortunately erred in not removing the route once the project was complete,” said Roos.
Roos said it must be emphasised that no sensitive data was accessible via the route and no data breach occurred. He added that:
- The route could only be accessed from the Rain network and not the open Internet.
- Access could only be gained to the small dedicated camera network inside the data centre.
- Rain’s core systems and, in particular, any customer data could not be accessed via this route. As such no data breach occurred.
“This is certainly an error on our part, and we have improved our processes to minimise the chances of a recurrence.”