Hyperoptic's ZTE-made 1Gbps routers had hyper-hardcoded hyper-root hyper-password A security vulnerability has been found in Brit broadband biz Hyperoptic's home routers that exposes tens of thousands of its subscribers to hackers. The gigabit provider's routers are made by ZTE, the Chinese electronics giant that American and British spy agencies have sounded an alarm over. The United States has also …
Actually they were very up front about it. The engineer who did my install said that the router is pretty good, but they mainly chose it for its wifi performance, so if I wanted to get as close to 1000Mbit as possible I'd need a better router.
I use an ER-lite, and the ZTE router as an AP.
"we know the router's crap, buy another" hardly inspires confidence in the overall product - and these are the sorts of companies that are trying to challenge Openreach and Virgin?
Do Hyperoptic even do IPv6 yet? Yet another major omission (which is strange considering that even BT, with their masses of legacy kit and stifling bureaucracy, has managed it)
It's supposed to be a premium service. It should be capable of routing at line speed. "it does 850Mbps" is a cop out when you're paying for what is nominally a gigabit service (well, around 940Mbps after overheads etc)
(and considering this news article - the router clearly is crap)
That might explain why I was getting more than the expected number of ssh root login attempts from Chinese IP addresses on the router I put on a Hyperoptic connection in place of the supplied one.
You expect to get bots trying to exploit ssh, but from all around the world. These were from (mostly) one particular (large) Chinese ISP, and persisted over a period of months. It might just be a coincidence, but who knows?
I tend to regard ISP-supplied CPE with a fair amount of suspicion. At least I know (or can teach myself) how to set up a basic router. Lots of people can't (or won't), and that 's a problem for which I have no reasonable solutions.
I tend to regard ISP-supplied CPE with a fair amount of suspicion.
As a customer of Virgin Media, and blessed with their shitbag Hub 3, I can understand why. Unfortunately for most high speed broadband providers the ISP offers no choice of modem, and the bimbling idiots of Ofcom turn a blind eye to the EU rules requiring that ISPs provide a choice of terminal equipment.
Yet another reason to shut down the Ofcom Home for the Useless, and turn them all out onto the streets (ideally from a third floor window).
"Unfortunately for most high speed broadband providers the ISP offers no choice of modem, and the bimbling idiots of Ofcom turn a blind eye to the EU rules requiring that ISPs provide a choice of terminal equipment."
With the sole exception of Sky, no UK ISP actively prevents you from using your own router. Virgin require that the superturd be used, but at least there is a modem mode to turn off most of the nastiness. FTTH networks like Openreach's (for the few who can get it) necessitate the use of the telco supplied modem, but you can still use your own router. ADSL and FTTC customers can buy one of many models of modem or modem+router - from a TPlink cheapie all the way to a Cisco ISR if you are so inclined.
Not really sure what Ofcom or the EU have to do with this. Even TalkTalk have an automated phone line where it'll read out your PPP username and password for any router of your choice.
With the sole exception of Sky, no UK ISP actively prevents you from using your own router.
Sorry, I should have been clearer: I don't class 80 Mbps as high speed broadband, and was referring to the primarily cable and (real) fibre networks, which is primarily, but not solely Virgin Media
Not really sure what Ofcom or the EU have to do with this
EU rules require that ISPs allow customers a choice of "terminal equipment", Ofcom are (laughably) the enforcer of relevant EU regulations. You get that choice with most Openreach ISPs, not with most non-Openreach networks - again Vermin Media are the prime suspects. Ofcom had a timid look at these rules in the middle of last year, and then backed off without saying or doing anything.
Who??????
You could do a search on them, but to explain why not that many people have heard of them, they specialise in "built in at construction" gigabit broadband networks, usually for multi-occupancy buildings or estates of apartments. They install under contract to the developer, and that gives them a virtual monopoly on ISP services because nobody else would risk trying to retrofit FTTP into apartment blocks already served by a gigabit network. So no real need to advertise at all.
Having worked with developers on a similiar (non telecoms) concepts, I wouldn't be surprised if Hyperoptic have to pay a big fat wad to the developer for the right to do this, then add that to the costs served to almost captive customers. Headline pricing for Hyperoptic doesn't actually look at all bad, but I suspect that their costs are far lower than anybody trying to build FTTP by retrofit, there's no marketing costs of significance, and the churn is probably tiny, so margins are probably very healthy (until they're bought by some slimeball corporation and the M&A costs get added to the bills).
I pay £38/month for gigabit, but that was on a deal. My entire estate (~5k homes) has access to hyperoptic. We also all have BT FTTH, so no monopoly, but since that is ~£60/month for 300Mbit, not many people take that. From the wifi that pop up on my phone, there are a few BT, a fair few SkyFibre, and a lot of hyperoptic.
Same situation as Tony38, except that we also have Virgin cable. No copper, so no ADSL available, you are limited to cable or fibre providers. I only pay £22/month but that's because I chose a 30Mb package which is enough for my home use. And no phone line required, so it's a no-brainer compared to BT!
General reason: people don't do their homework to find the best possible options.
Other possibilities:
- better deal negociated with BT
- Hyperoptic doesn't offer TV or phone packages (besides a phone line)
- bad experience with another provider
- Openreach ONT was already installed when they moved in (was my case) and they followed the path of least resistance to get a connection (brings us back to the general reason)
They certainly did do retrofits. I don't know if they still do. But if you think you will get nice bright and shiny IPv6 with your bright and shiny new Gigabit-capable network, you'll need to think again*. No IPv6, and they use Carrier-Grade NAT. This takes the shine off things a bit.
*Apparently, it is finally being rolled out, but it hasn't reached the routers I am responsible for.
https://www.ispreview.co.uk/index.php/2017/12/gigabit-fttb-fibre-broadband-isp-hyperoptic-start-uk-ipv6-rollout.html
WTF? Why with all the knowledge that has accumulated in the past years, does anyone (manufacturer) find the need to hard code credentials into hardware unless it is for nefarious reasons. This shit does not help with my over abundant paranoia.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
