Slashdot Mirror

← Back to Stories (view on slashdot.org)

Australia's Biggest Telco Sold Routers With Hardcoded Passwords

Posted by Unknown on from the who-released-the-debug-build dept.

mask.of.sanity writes "Hardcoded usernames and passwords have been discovered in a recent line of Telstra broadband routers that allow attackers access to customer networks. The flaws meant customer unique passwords could be bypassed to access the device administrative console and LAN."

5 of 154 comments (clear)

  1. Comcast routers by onix · · Score: 5, Informative

    Some Comcast Xfinity routers have WiFi SSID and WPA encryption key hardcoded. It can be changed via software interface only to be reset when Comcast sends a firmware upgrade.

    1. Re:Comcast routers by Drakonblayde · · Score: 5, Insightful

      Full Disclosure: I am a network engineer for Comcast. They are indeed hardcoded, but they are unique to each device. When you're deploying customer CPE, it's a damned if you do, damned if you don't situation. Either we provide the same defaults, and no one ever changes them, which leads to an increase in the amount of security incidents, or we don't set them and the customer chooses their own and then forgets them and complains to our support about it because we don't know their passwords. Or they can be hardcoded, with the option to let the customer change them. Most folks don't and just go with the defaults. Since they're unique defaults, this cuts down on the amount of security incidents, and since it's hardcoded, if the customer ever forgets their password, it's as simple as resetting the device to factory default and telling them to look for the sticker (if they did change them) or telling them to just look at the sticker (if they didn't).

  2. Not surprised at all. by crafty.munchkin · · Score: 5, Interesting

    Telstra are a notoriously dodgy company with a history of being idiots when it comes to customer's privacy and account security. Have a read of this for one of their latest privacy blunders...

    --
    ... wait, what?
  3. Re:If you have a MAC... by crafty.munchkin · · Score: 5, Funny

    You should've seen the installation tech who came to install Bigpond Cable at our office. He needed a PC to activate it, I brought out my linux laptop - I've never seen anyone so confused. He asked for Internet Explorer, I told him he could have Firefox or Chrome. I think he nearly cried.

    --
    ... wait, what?
  4. Re:If you have a MAC... by green1 · · Score: 5, Interesting

    I install ADSL service for a Largish telco. I am always THRILLED when someone brings out a computer that isn't running windows. The reason? Windows machines support our company's software install, which is mandatory, can't be skipped, and takes 15 mins+ to install the first time you open a browser. However, if you are using a Mac, or Linux, or various other devices, the software install fails right away, gives you a warning telling you that your system doesn't meet our minimum requirements, and then without further ado activates the connection so everything works. Net benefit is that it saves me 15+ minutes, and the customers are happier because they don't have 4 more programs installed on their desktop!