Unifi? Hackers love it

23 11 2010

D-Link DIR-615

Telekom Malaysia Bhd’s high-speed broadband service UniFi (HSBB) uses this D-Link DIR-615 wireless router for UniFi customers. There is a second administration account in these routers. The routers have remote management enabled, and customers were not informed and are therefore unable to reset the password. Why? For maintenance purposes: to allow Telekom Malaysia staff to troubleshoot UniFi problems remotely. Meaning, they no longer have to send a technician to your house within 3 working days. They can immediately access your router (or, if you prefer to call it that, your modem) from their computer by “legal hacking”. Yes, the Telekom Malaysia technicians can remotely access your modem (router) with just a few mouse clicks and a bit of typing on their keyboard.

TM named the “administrator” account on the DIR-615 “admin”. This “administrator” account has the same username/password across every UniFi router that has been given to UniFi customers, and the customers cannot change it or even see it with the default ‘admin’ account.

What do you think happens if one of those UniFi guys/gals tells their family or friends the default login ID and password? Or, to prove how good they are, they show their friends how to do it? Then YOU (the UniFi customers) are in danger.

The remote management option should have been turned off by default and turned on only when Telekom Malaysia needed remote access.

At the moment, after a customer signs up for UniFi services, TM’s technician does all the equipment installation in your premises/home for you. BUT the technicians do not change the default WiFi router settings.

  • The router is not configured to drop ICMP packets, so an attacker can ping these unprotected routers and learn that they are alive and connected to the internet.
  • The firewall is disabled.
  • The router has remote access enabled.
  • It has no authorised IP filter (the default config is 0.0.0.0, meaning anybody, anywhere, can log in to your router’s web interface).
  • The web interface port number is also left at the default.
  • The router’s Administrator password is still the default one!! See below
Device Management
Default IP address: 192.168.0.1
Default admin username: admin
Default admin password: <blank> (ya, no password. Remember, Malaysia will be a developed country soon.)

So what to do?

Secure your home network:

Log in to your router’s web interface: open a web browser and go to http://192.168.0.1. You will be prompted for the admin username and password. See your D-Link router manual for more info.

1. Change your Router’s Administrator password.

  • Go to the ‘Maintenance’ tab, under the ‘Admin Password’ section, and change your password there.

2. Rename your Wireless Network Name/SSID.
The default SSID contains the customer’s name, e.g. myfirstname@unifi. This could lead to privacy issues, as outsiders can tell who is using which ISP’s services (UniFi, Streamyx, etc.).

  • Go to ‘Setup’ tab, click ‘Wireless Setup’ menu on the left.
  • Under ‘Multiple Wireless Network Name (SSIDS)’ section, click ‘Multiple Wireless Network Name Setup’ button.
  • You will be taken to a page with ‘Wireless Network Name’ section. Rename your existing Wireless Network Name/SSID there.

3. Disable Remote Access to your router.

  • Go to the ‘Maintenance’ tab, under the ‘Remote Management’ section, and un-check the ‘Enable Remote Management:’ check box.

4. Enable Firewall

  • Go to the ‘Advanced’ tab, click the ‘Firewall & DMZ’ menu on the left.
  • Under the ‘Outside Firewall Setting’ section, check the ‘Enable WAN to LAN Firewall :’ check box.
  • Then check all the check boxes in the rows for ‘DOS ATTACK’, ‘PORT SCAN ATTACK’ and ‘SERVICE FILTER’.
  • Block all the ports (TCP 22/23/80/8080/443) from WAN access.
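To confirm that steps 3 and 4 actually took effect, here is a small added example (my own, not from the original post or from D-Link) that tries a plain TCP connect to each of the ports listed above and reports which ones still answer. Run it from a machine outside your own network against your public IP; the `192.0.2.1` default is a documentation placeholder, not a real target.

```python
import socket
from typing import Dict, Iterable, List

# Ports the post says must be blocked from the WAN side; 80 and 8080 are
# the usual defaults for the DIR-615 web interface.
WAN_PORTS_TO_BLOCK = (22, 23, 80, 443, 8080)


def probe_ports(host: str, ports: Iterable[int] = WAN_PORTS_TO_BLOCK,
                timeout: float = 2.0) -> Dict[int, bool]:
    """Try a TCP connect to each port on `host`; True means it accepted.

    Must be run from OUTSIDE your network (mobile data, a friend's line)
    against your public IP, otherwise you only test the LAN side.
    """
    results: Dict[int, bool] = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                results[port] = True
        except OSError:
            # refused, timed out, unreachable or DNS failure: not exposed
            results[port] = False
    return results


def still_exposed(results: Dict[int, bool]) -> List[int]:
    """Sorted list of the ports that still accept connections."""
    return sorted(port for port, is_open in results.items() if is_open)


if __name__ == "__main__":
    import sys
    # Placeholder address (RFC 5737 TEST-NET); pass your public IP instead.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.1"
    exposed = still_exposed(probe_ports(target))
    if exposed:
        print(f"Still reachable from the WAN: {exposed}; "
              "remote management or the firewall is not fixed yet")
    else:
        print("None of the listed ports answer; steps 3 and 4 took effect")
```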
