> WARNING TO ALL UNIFI USERS, Threat warning, read inside (Unifi)

rizvanrp
post May 29 2010, 06:59 AM


Getting Started
Networks & Broadband
Group: Elite
Posts: 147

Joined: Sep 2006



You know, the first day I got Unifi, I asked you guys (TMnet) if I would be able to use my own router. Well you said no. When I discovered the SSH daemon running on the router (which used a different password than the web user interface), you said you couldn't disclose the password. An hour ago, I discovered that password and the reason why you won't give it out.

TM, you basically planted a bloody backdoor in everyone's DIR-615 router.

user posted image

What is this? What are all these hidden options in this special account you neglected to tell us about? You mean to say I could have used my own router all along? You mean people spent >RM1000 on Cisco grade equipment just because you didn't want to tell them about this?

user posted image

You mean in a sample group of 900 nodes, 600 of them who think their networks are 'secure' are actually completely open? Even those companies on Unifibiz which use the same router? WOW..

That's right guys, TM named the "administrator" account on the DIR-615 as "admin" when there was actually a secondary administrator account with a higher access level. The VLAN settings were never locked out, that account which we all assumed was the admin (because they told us so) was actually a noob piece of shit with <60% access to the router. This account has the same user/pass across every Unifi router that has been given out so far and cannot be changed or even seen with the default 'admin' account.

----

What's the fix?

user posted image

Untick remote management. If you have a firewall on it, block all the ports (TCP 22/23/80/8080/443) from WAN access.

UPDATE : If you're a Unifi user on firmware 7.05, if you read everything in the management page you can find the username for this account. The pass is the same, once you get access log in and reconfigure your router security properly. I can't believe not a single technician set this account up properly.

----

FAQ

Some less tech-savvy people have asked me what this all means.. so here goes -

Q: What is this and how is this possible?
A: Every consumer router has a username/password combination to access it. This is a basic security feature to ensure that only you (the owner) can access it. This Unifi router however, has two accounts by default. When TM installed Unifi in your home/office, they only configured the first account. The second account -- which has a higher level of access was left configured with its default username/password. They also neglected to inform the customers (you) and their own technicians who did the install about this second account. As every Unifi user is 'forced' to use this router and this account has not been configured properly, every Unifi user is also vulnerable to have their routers accessed by unauthorized users simply by using this default account user/password combination.

Q: So what if outsiders can access my router? What does this mean?
A: The Unifi router is not just a simple box that sits on your network. It can be considered to be a full computer system and has the capability to run any executable that's made for it. Since an outsider can access your router, he can also do the following :

- Turn your router into a proxy, if he commits any crimes online it will be traced back to you instead and you will take the fall for it
- Use your 10/20mbps Unifi account so he doesn't have to pay for his
- Use up your bandwidth quota (once quotas are implemented) as much as he wants and you will pay for it
- 'Spy' on your Internet connection and view every site you are visiting
- Forward all connections to your home PC using DMZ, making your home PC completely vulnerable to Internet attacks.. if you have an open NAS (network attached storage) on your home network, he will be able to access all your files

And the list goes on and on..

Q: So how can I fix this?!
A: Make sure remote management is disabled (as it is enabled by default). With this enabled, anybody with this default user/pass combination can access your home router and perform the attacks I mentioned above. This fix however, doesn't prevent people on your own LAN network from accessing the router. If you are running an open Unifi hotspot (shop wifi, etc) and you are using the default DIR-615 router, the only fix is to access this second account and change the password.

I've uploaded a Router Security guide and VLAN bridging guide (to use your own hardware with Unifi) on my website @ http://unifi.athena.my

This post has been edited by rizvanrp: Jun 12 2010, 08:19 PM
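
One way to verify the fix from the first post (remote management off, TCP 22/23/80/8080/443 blocked from WAN), added here as an example and not part of the original thread. The function names and the `wan_check.py` script name are illustrative assumptions; the port list is the one given in the post.

```python
"""Check whether a router's management ports answer on its WAN address."""
import socket
import sys

# Ports the first post says to block from WAN access.
MGMT_PORTS = {22: "SSH", 23: "Telnet", 80: "HTTP", 443: "HTTPS", 8080: "HTTP (alt)"}


def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed: a service is listening
    except ConnectionRefusedError:
        return "closed"            # RST came back: reachable, nothing listening
    except OSError:
        return "filtered"          # timeout or unreachable: dropped on the way


def audit(host, ports=MGMT_PORTS, timeout=3.0):
    """Return {port: state} for every management port."""
    return {port: probe(host, port, timeout) for port in sorted(ports)}


def exposed(results):
    """Ports that still accept connections and therefore need attention."""
    return [port for port, state in sorted(results.items()) if state == "open"]


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: wan_check.py <your-router-WAN-address>")
    results = audit(sys.argv[1])
    for port, state in results.items():
        print(f"{port:>5}/tcp {MGMT_PORTS[port]:<10} {state}")
    # Non-zero exit when any management port still answers from outside.
    sys.exit(1 if exposed(results) else 0)
```

Run it against your own router's WAN address from a connection outside your network (a mobile hotspot, for example); from inside the LAN the router may answer on its LAN-side interface and the result says nothing about WAN exposure. It tests inbound connections to the router only, so outbound browsing on port 80 or 443 is unaffected by the block.
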
xxmetalhead86xx
post May 29 2010, 07:21 AM


Getting Started
**
Group: Junior Member
Posts: 190

Joined: Feb 2008
From: Sunway/Kuching



wooo nice info.... pro la u...
YoYaYo
post May 29 2010, 07:27 AM


New Member
*
Group: Junior Member
Posts: 12

Joined: Apr 2007
Wow... this should be ... a STICKY!

Zepx
post May 29 2010, 07:30 AM


Regular
******
Group: Senior Member
Posts: 1,105

Joined: Dec 2005
Good share rizvanrp!
MX510
post May 29 2010, 07:31 AM


PSNID darknforce
*******
Group: Senior Member
Posts: 3,183

Joined: Aug 2005
From: http://blog.mx510.com



Flash to dd-wrt n disable the remote management
palmjack
post May 29 2010, 07:38 AM


New Member
*
Group: Junior Member
Posts: 14

Joined: Feb 2005
@Riz thank you very much for this headsup.
Moogle Stiltzkin
post May 29 2010, 07:42 AM


Look at all my stars!!
*******
Group: Senior Member
Posts: 2,206

Joined: Jan 2003
user posted image

TIME TO MASS COMPLAIN TO CFM. EVERYBODY On your mark.... GO!!



As an after thought, i hope they don't delay Unifi in my area because of this

This post has been edited by Moogle Stiltzkin: May 29 2010, 07:56 AM
morpheuzneo
post May 29 2010, 07:59 AM


Getting Started
**
Group: Junior Member
Posts: 213

Joined: Jul 2008
thanks rizvan for sharing..!

great info for all of us - whether already a subscriber or not yet one.. (me lah..)

now next step :

1. Is there anything good we can do with this info?

2. Any setting that we can change to improve our speed / bandwidth? (maybe basic 5mb upgrade to 10?)

zenquix
post May 29 2010, 08:35 AM


Life is short!
******
Group: Senior Member
Posts: 1,121

Joined: Jan 2008


thanks for the headsup. was digging thru the router and think i found the account... luckily i already disable remote management

Edit: and i found the password. very tempted to change it...

This post has been edited by zenquix: May 29 2010, 08:38 AM
Moogle Stiltzkin
post May 29 2010, 08:43 AM


Look at all my stars!!
*******
Group: Senior Member
Posts: 2,206

Joined: Jan 2003
Just curious what is their purpose for doing this ???

1. more control to monitor unifi user usage ???

2. customer service support to help configure modem and router ???


Reason 1 i don't need, 2 i don't need if it means reason 1 :/

For Unifi should i get VPN ;x ??

This post has been edited by Moogle Stiltzkin: May 29 2010, 08:44 AM
xxerton
post May 29 2010, 09:06 AM


New Member
*
Group: Junior Member
Posts: 41

Joined: Apr 2006
hahaha i had a good laugh...
TM such a big corporate could afford such half-past-six cowboy solution
kons
post May 29 2010, 09:10 AM


Look at all my stars!!
Linux & Networking
Group: Moderator
Posts: 4,594

Joined: Oct 2004
From: Everywhere


It's normal for UniFi or normal DSL broadband.
Those guys who installed the riger modems at my new house last time also enabled remote management and locked out the admin mgmt account.
I have replaced them straight away.

As long as it's RJ45/RJ11, I guess it's always possible to use our own equipment.
gkl83
post May 29 2010, 09:40 AM


No Eyes See...
*******
Group: Senior Member
Posts: 8,031

Joined: Nov 2004


is it possible or legal to replace TM's DIR-615?
Moogle Stiltzkin
post May 29 2010, 09:44 AM


Look at all my stars!!
*******
Group: Senior Member
Posts: 2,206

Joined: Jan 2003
QUOTE(gkl83 @ May 29 2010, 09:40 AM)
is it possible or legal to replace TM's DIR-615?
*
I don't see why not. As long as you don't try that hack riv said possible to increase your speed to 100mb or any other speed than your subscribed speed ;x
akidos
post May 29 2010, 09:45 AM


Getting Started
**
Group: Junior Member
Posts: 287

Joined: Apr 2008


gg ....
Sting Ray
post May 29 2010, 10:07 AM


Getting Started
**
Group: Junior Member
Posts: 101

Joined: Apr 2006


hi rizvanrp, under the secondary administrator account is there any option to allow VPN passthrough ? my wife's VPN connection problem is still not resolved and Unifi service centre didn't respond to my emails at all.
thomasyke
post May 29 2010, 10:49 AM


New Member
*
Group: Junior Member
Posts: 29

Joined: Jun 2007
If port 80 is blocked, how is facebook gonna reply to my port 80 request for Restaurant City~ =X

"but me no have webserver~"

This post has been edited by thomasyke: May 29 2010, 10:50 AM
DeanKueh
post May 29 2010, 11:44 AM


On my way
****
Group: Senior Member
Posts: 695

Joined: Jul 2007
From: Malaysia
gj. someone should post this up on 'The Star'
infra
post May 29 2010, 11:45 AM


Getting Started
**
Group: Junior Member
Posts: 124

Joined: Nov 2008
From: Penang > AmanSiara > Penang


Dlink DIR-615 default administrator login is not "admin" meh? I thought only can login as "admin" or "user" only ma...got other type of login ah??
ahpek26
post May 29 2010, 12:15 PM


Casual
***
Group: Junior Member
Posts: 320

Joined: Apr 2007



Ops they're going to tell you about this but hey, you're guinea pigs and test subjects which is on the "need to know only" basis. Plus even if they tell you about it, it's not like most unifail customers would care since they don't get tech stuff like this.

Arguably tech savvy users would know what to do with it but let's face it, some people who use streamyx for 2 years and more wouldn't even know how to check their line status; remote management wha...??

I smell job opportunity from TM, ROFL.