Only an id10t...
What kind of idiot would...
Wait a sec, lemme check something...
*clickity* *click* Hmmmm *clickity* *clack*; Nope; Yes we're good Phew!
Only a damned fool would leave a debugging port open after the work is finished
Singaporean broadband subscribers were left vulnerable to attackers after their ISP opened remote access ports on their gigabit modems and forgot to close them. The discovery was made by NewSky Security researcher Ankit Anubhav, who used Shodan to scan for SingTel routers open on port 10,000 – the default Network Data …
The point is the vulnerability shouldn't have been there in the first place. More proof, were such needed, that using an ISP supplied router is tantamount to giving them your house keys.
Pray tell, how was this port opened in the first place and, more importantly, how did the ISP close it without a backdoor?
You might be able to go to the router's webadmin page and turn it off, however some ISPs set things up on the router so you can't. Lots of potential for fun because the port your ISP uses for TR-069 is bound to become public knowledge, the ISP might not have shut everyone from outside their network out because they're clueless like that, and then you have every botnet around banging on that port for that ISP and something's bound to give.
The point is the vulnerability shouldn't have been there in the first place.
I respectfully disagree with you here. I cannot think of a single IT outfit that hasn't screwed things up royally at some point. It's going to happen. What I am more concerned with is how it is handled. While we do not have all the details on this, it seems to have been dealt with appropriately once it was made known to the ISP.
The point is the vulnerability shouldn't have been there in the first place. I respectfully disagree with you here. I cannot think of a single IT outfit that hasn't screwed things up royally at some point.
I agree with Chronos (the original poster). Sure, everyone screws up, but that's not the same thing as intentionally having an open port. It's not just a mistake in forgetting to close it, it should never exist - someone could exploit it any time it's open, and it also implies no encryption on the connection.
If they need some access, it should always be encrypted and password/key protected. There should never be a case of a vulnerability just because they forgot to close it.
I think this is the only time I've seen these used correctly - i.e. for a specific test that then results in something actually being done to resolve it rather than completely ignoring the end users who are the ones who end up having to pick up the pieces, possibly with the privilege of paying for them too.
This does not change my opinion that the primary 'benefit' of these services is to enable rapid botnet deployment and mass hacks.
Many years ago I was at the airport, with my friend who was off for a holiday in Singapore. The Singapore government had a guy there that was checking if all people on the way to their country were "suitable". I had a bit of a chat with him. Apparently I would have been turned back had I attempted to go there, due to my unix beard.
That'll be why they have this sort of technical problem, lack of proper beards.
I'll get my coat, though it won't cover my beard.
...I'm justified in paying a bit of money to buy my own quality router instead of using the ones provided by ISPs. I've done that for years. In the new house, that will be the excuse for wasting over £200 on one. Can't use my old one as the new place will have fibre.
Just done the same myself (my Fritz!Box 7590 should be arriving sometime between tomorrow and the end of the week, whilst my faithful old D6200 goes to have a rest in the attic after many years of faithful service, as it's only ADSL and can't do VDSL).
The fact that my ISP-supplied router is a £35 POC that doesn't even have gigabit Ethernet ports, and also the fact that I can't firmware upgrade it myself (and the supplied firmware is known to be buggy), plus to cap it all off even after a full factory reset they can't connect to the damn thing either to do it for me. And they've even seemingly locked it out of useful stuff like being able to change the DNS or put it into modem-only mode to daisy-chain it to the D6200.
Given they can't do the one thing that would be required, time to go self-administered and get some decent kit in place.
I have the older Fritzbox 7490. Very nice piece of kit. When an update caused a problem with just one VOIP provider, they were very responsive, took all the logs and included the solution in the next update.
From my perspective, all that's missing is the ability to see which PC is using all the bandwidth. They like the idea though and are planning to add it in the future.
I just wish their central heating controllers were cheaper.