Verizon Changing Users Router Passwords

Kohenkatz writes "I have Verizon FIOS at home and my Verizon-supplied Actiontec router had the password 'password1' that the tech assigned to it when he set it up three years ago. I received an email from Verizon that said 'we have identified that your router still had a password of either password1 or admin1 and we have changed it to your serial number.' I checked and it actually had been changed. I believe this to be in response to the Black Hat presentation about the hackability of home routers. I am upset about this because Verizon should not have any way to get into my router and change the settings, especially because I own the router, not them! I looked in the router's settings and I see port 4567 goes to the router and is labeled 'Verizon FIOS Service.' Is this port for anything useful other than Verizon changing settings on my router? What security measures does Verizon have to protect that port from unauthorized access?"

Re:Perhaps a little cheese with that whine?

[thestuckmud]

My provider allows third party modems. Absent a conspiracy between manufacturers and providers, there is no way they can force updates on my equipment.

You are correct about the fine print, though. They reserve the right to update their software on my equipment (including computers). The simple solution there is not installing their software in the first place.

Erm.... TR-069, anyone?

[jimicus]

AFAICT, many ISPs that supply their own routers are actively looking at (if they're not already) supplying routers which support TR-069 and setting up infrastructure to configure them.

This is a protocol intended for the management of home routers - unlike SNMP, it's got some semblance of security (it's actually based on SOAP over HTTP, optionally HTTPS) - IIRC the CPE initiates the connection and can get things like configuration and firmware upgrades automatically.

I don't see how this is drastically different in concept from cable modems, which are more-or-less invariably heavily managed using DOCSIS.

How to disable the backdoor

[duppyconqueror]

http://www.broadbandreports.com/forum/r21990593-modemrouter-Remove-the-actiontec-verizon-backdoor-on-port-456 Haven't tried it, but worth a shot. Took a (very) little bit of googling to find which was still less effort than lambasting the OP.

Re:unauthorized access is unauthorized

[whoever57]

No, they entered a router which they lease to him with the intention of making their network more secure

What part of "I own the router, not them" do you not understand?

That goes for you too, mods!



I expect that I'll be modded down as a troll for pointing out facts that contradict the parent post.

Re:uhhh

[Anti_Climax]

What are you all on about? He said [slashdot.org] he disabled administrative access from outside. No matter the password, there's intrusion going on here, so there is something to talk about.

Administrative access was not used for this. His actiontec, along with most other telco distributed CPEs use the TR-69 remote administration spec to allow for reconfiguration of services, firmware updates and other crap that used to require a technician to be sent out.

If a password was all there is to protect your router from outside, all hell would break loose for simple brute forcing. You also can't expect Aunt Irma to change her password first thing when she gets net access.

Which is why they changed his password from the default to a unique one. Even with remote access disabled, a default password on your router is a risk. see Pharming

Finally, even disregarding all that, even if he was stupid and careless, they can't just access the router if he didn't explicitly give them the right in a contract somewhere. I get you're all supercomputerexperts, but maybe we could talk about what he's asking?

Telcos are typically behind IBM and God on how many lawyers they have on staff. I'll eat my fucking shoe if it's not explicitly laid out in the TOS for FIOS that they can and will access the router for remote configuration changes, particularly for security reasons.

Why is there an open forced access port/back door?

There is a backdoor to allow changes in configuration that are usually, but not always, related to connectivity and function of the actual connection to the provider - the minutiae that even a field tech doesn't want to have to waste time with.

Is that ok without telling the owner?

Are we that sure it wasn't in that contract he signed?

What security is in place that entities besides Verizon can't access it?

A properly implemented TR-69 system is going to be more secure than any machine this guy is running on his network, guaranteed. The administration server address cannot be changed from the user accessible interfaces, the connection is initiated from the CPE to that server instead of the reverse and there are multiple layers of verification and encryption in use before anything is actually allowed to be updated or changed.

Re:uhhh

[luca]

What are you all on about? He said he disabled administrative access from outside.

He disabled the user visible administrative interface.

Google for tr69 and you'll be enlightened.

In my router it's impossible to disable, however in some normally hidden menu I could modify the "call home" url, rendering it ineffective.

Re:uhhh

[surferx0]

I purchased a combination lock for my front door three years ago. Today, saw a note on my kitchen table from the locksmith. I said "I noticed that the lock I sold you three years ago still has the default combination on it. That's really insecure, so I changed it to your phone number. No need to thank me."

Did the locksmith do anything wrong by breaking into my house to change the combination on the lock?

Bad analogy, since this is leased equipment from Verizon, it's more like you rent an apartment and the landlord changes the busted up locks on your door or performs other various maintenance on their property for you. If you haven't rented before, I can tell you that is quite normal.