A popular ISP is accessing customers’ routers using an easy-to-find generic user name and password, leaving every one of their broadband customer accounts wide open to unscrupulous hackers reports Broadband Choices.
The company recently sent an automated email to its broadband customers, informing them that it was making security improvements to its routers. It would be doing this remotely from exchanges across the country. But these so-called ‘improvements’ have caused internet and internal VPN connections to break.
After analysing log files on the router concerned, www.BroadbandChoices.co.uk identified that the ISP had downloaded all the configuration settings for the modems, including important passwords. We also easily identified the login and password being used to access the router. And, with one quick Google search, we found a de-crypted version of the password being used for remote maintenance.
The online source for this remote password said that over 15,000 routers could be accessed in a single scan.
"This is extremely careless: It is shocking that it’s so easy to hack other people’s routers with little technical knowledge. We have contacted the company to ensure the loop hole is closed."
Chris Eagle, Commercial Manager at www.BroadbandChoices.co.uk
No comments:
Post a Comment