When Alex* found a security flaw in his Optus cable modem that allowed anyone with some basic technical knowledge to receive and make calls using his phone number and to see who he called and when, his jaw dropped. Not only did the flaw allow for his call records to be accessed and home phone to be hijacked, it also gave outsiders the potential to mess with his Wi-Fi, reset his modem and compromise his entire home computer network.
• SHARE • • • Link Optus has fixed a flaw that left cable subscribers vulnerable to hacking. The maligned default 'admin' password. Optus had left a back door wide open for others to remotely access Alex's modem. It didn't change the manufacturer's password to something more secure on the modem, which is also used by tens of thousands of other Optus customers with the same default password which can't be changed by users. • SHARE • • • Link The details as they appeared when logged in via SSH or Telnet.
Identifiable information redacted. Photo: Supplied Optus' warns customers against using default and. It appears the flaw was left in place deliberately by Optus to administer cable modems remotely, and was overlooked by helpdesk staff when assisting subscribers. It allowed those on the Optus network, or hackers with access to a computer on the network, to access the modems remotely.
El Factor Aladino Pdf Download. 'I was actually quite shocked and I guess a little concerned because I had access to this information and I didn't know what to do with it,' Alex, from Sydney, said. 'I actually contemplated picking up the phone and speaking to Optus and then I kept on thinking to myself that there's probably going to be some adverse repercussions for doing that.' • SHARE • • • Link Gateway to your home: a flaw in Optus cable modems allowed those with technical knowledge to gain access to it remotely.
Photo: Netgear Instead, he anonymously. When no one responded, Alex contacted Fairfax Media. 'A large organisation that offers services Australia-wide should not have this vulnerability,' he said. 'Someone could write a program that could just sit there and scan and collect all of this information and build a database. 'What's stopping anyone else from doing that? This is a real security issue.'
SAGEMCOM SUPPORT. HOTLINE Contact us. Legal notice All rights reserved Š Copyright 2012 - Sagemcom SAS, Rueil Malmaison, France. Here are the steps find here. Do you think I will be fine folowing these steps? 1) Download sibisties' Line Stats & Telnet Unlock Tool from here: »mega.co.nz/#!ohMxkArD!JKqV9gd9wB2qQqm38A; - For more. Apr 10, 2013 - [DSL] Sagemcom F@ST 2864 bridge mode guide. [DSL] Sagemcom 2864 Serial Number. Here is my tool to enable Telnet access and a line stats page for Sagemcom F@st 2864 modems.
With access to the information stored on the modem, a hacker could hijack an Optus customer's phone number and see their call history, turn off or change Wi-Fi settings, lock users out, and install malicious software on personal computers to steal data. Australian security expert said there was potential for hackers to do what 'they liked' with the modem and the access. Netgear said the remote access was left on to allow Optus staff to log in to modems remotely 'for diagnosing network problems to improve customer experience'. Remote management tool The remote management tool, known as Secure Shell, or, was the tool left with the default password in place. Such a tool is not typically needed by home internet users. It is used by those with technical knowledge to make quick changes to modems without requiring interaction with users. Another remote access tool,, was also left with the same default password. Optus said the remote access was only used in rare cases by its staff for urgent deployment of updates to individual subscriber's modems on a case-by-case basis. It deployed a fix for the flaw on Thursday. Fairfax Media gave Optus time to secure the modems before publishing.
Why no one thought to change the default password to something more secure remains unclear, particularly given that a number of Optus staff would have had to type 'admin' into a command-line when administering subscribers' modems. A security review is now underway, Optus said, adding that the Privacy Commissioner would be notified.
How it was fixed The company's fix was to use another administrative tool to update each modem's configuration and change user name and password combinations to something more complex. It knocked customers offline for about three minutes on Thursday and forced each modem to restart to enable the updated configuration. Optus said it did not detect any peaks in SSH or Telnet traffic that would indicate the flaw had been used widely by hackers before it was fixed, but didn't rule it out. 'Optus takes privacy and security very seriously, and at this stage we have found no evidence that this vulnerability has been breached,' an Optus spokesman said. 'We will be undertaking a thorough review of our processes to ensure that this type of issue does not reoccur.' Hunt said the flaw was serious and suspected Optus would likely never know for sure whether it had been used by hackers. He recommended Optus do a full audit of all its IT systems.
'If there is something so fundamental as a default password on a large number of devices that's been rolled out to so many locations. What other things have slipped under the radar given that there's clearly a lack of quality control going on there?' 'Often it's one of those things where there's smoke there's fire.'
Netgear said it did not introduce the configuration problem and added that the CG3000v2 modem was only supplied to Optus, not other telcos. 'A potential configuration vulnerability is serious but can be patched very quickly, this is not due to a bug in the product itself,' a Netgear spokesman said.
*Alex is a pseudonym. He chose not to be identified for fear of legal action.
I’ve been trying to improve my Skype call quality at home and the guys I work with who know about this sort of stuff have suggested that my cheap ISP-supplied router may be part of the problem. Put simply, is fine for a bit of web surfing, it even streams video from iPlayer, etc. OK, but it’s not up to the task for P2P or real time media. I was playing around with some of the settings and found that the router wasn’t behaving reliably (when I applied changes, and they weren’t applying) so I called PlusNet, who gave me two options: factory reset and a new router.
I went for both. The factory reset got me back up and running until the new router arrived. And, whilst I’ve yet to see if my Skype for Business call quality improves, everything else about it seems to be a retrograde step: The hardware design is flawed – when fixed to the wall, the router’s Ethernet ports are inaccessible (there isn’t enough room for them to turn through 90 degrees!) and, despite having a Gigabit Ethernet switch the ports are only 10/100 (yes, the ADSL connection is much slower than that but the cheap Ethernet ports reduce the speed of the local network).
Then, there’s the firmware that Plusnet have applied to the router which takes dumbing down to a new level. At least with the TG582n I could make a telnet connection for advanced configuration; Plusnet have blocked telnet, SSH and SNMP so there’s no way to manage the device. They’ve also removed the ability for ICMP to be enabled so flat-lined when I plugged in the new router: No ICMP, no ping test Worst of all, the Plusnet firmware hides the ability to change the IP address of the router, or to turn off DHCP. Given that I have a business account and that the paperwork with the router says “Welcome to Plusnet Business”, I’d have thought that almost any business with more than a handful of users would have its own DHCP server and may want to control the IP range in use (as I do – ). Luckily, after some hunting around I found with the details I needed: Log into it using with the admin name and password. Select >Advanced Setup >LAN First select the ‘Disable DHCP Server’ radio button, then at the top, change the IP address  now click Apply/Save at the bottom. The 2704n will now update and the page will start to refresh but won’t complete as you now have to change the address in your browser URL bar to In all likelihood, I’ll be buying a new router.
Something decent for ADSL2+ that will also work if I do upgrade to FTTC later. In the meantime, at least I’ve managed to get over the biggest hump with reconfiguring the Sagemcom 2704n. Sagemcom 2704n FTTC ADSL2+ *** NOT VDSL*** Question: What router would people recommend with a WAN ethernet to connect to BT Openreach Fibre Modem. Port Forwarding not working for me with the Sagemcom 2704n. Plusnet accepts that they have no knowledge of rectifying this problem. I Trust it is a matter of finding a good router to accept Port Forwarding, and hope it’s not a Plusnet oversight. My Plusnet Fibre service is 76mbs.
I get 73-76mbps Down & 18-20mps Up so I’m happy with my service and the 2704n speed. I have bought a static IP from Plusnet for £5.99 one off payment. Checking all ports internally or externally says all ports are blocked for either the Static IP or my Computer IP (Port Forwarding Problem?). All I need is to run an FTP/FTPS server on Ports: 20,21,22 with HTTP Port:80 etc.
At this point I’m looking at ADSL2+ or VDSL routers that will cope, I don’t mind which but as long as it can either daisy chain to a BT Openreach Fibre Modem or even replace the BT modem. And successful utilise the port forwarding. Router has to have the WAN ethernet to connect to BT Openreach Fibre Modem. Any info would be great and thank you!!