> WARNING TO ALL UNIFI USERS, Threat warning, read inside (Unifi)

rizvanrp (TS)
post May 29 2010, 06:59 AM, updated 9y ago

Getting Started
Elite
186 posts

Joined: Sep 2006



You know, the first day I got Unifi, I asked you guys (TMnet) if I would be able to use my own router. Well you said no. When I discovered the SSH daemon running on the router (which used a different password than the web user interface), you said you couldn't disclose the password. An hour ago, I discovered that password and the reason why you won't give it out.

TM, you basically planted a bloody backdoor in everyone's DIR-615 router.


What is this? What are all these hidden options in this special account you neglected to tell us about? You mean to say I could have used my own router all along? You mean people spent >RM1000 on Cisco grade equipment just because you didn't want to tell them about this?


You mean in a sample group of 900 nodes, 600 of them who think their networks are 'secure' are actually completely open? Even those companies on Unifibiz which use the same router? WOW..

That's right guys, TM named the "administrator" account on the DIR-615 as "admin" when there was actually a secondary administrator account with a higher access level. The VLAN settings were never locked out, that account which we all assumed was the admin (because they told us so) was actually a noob piece of shit with <60% access to the router. This account has the same user/pass across every Unifi router that has been given out so far and cannot be changed or even seen with the default 'admin' account.

----

What's the fix?


Untick remote management. If you have a firewall on it, block all the ports (TCP 22/23/80/8080/443) from WAN access.


UPDATE: If you're a Unifi user on firmware 7.05, if you read everything in the management page you can find the username for this account. The pass is the same; once you get access, log in and reconfigure your router security properly. I can't believe not a single technician set this account up properly.

----

FAQ

Some less tech-savvy people have asked me what this all means.. so here goes -

Q: What is this and how is this possible?
A: Every consumer router has a username/password combination to access it. This is a basic security feature to ensure that only you (the owner) can access it. This Unifi router, however, has two accounts by default. When TM installed Unifi in your home/office, they only configured the first account. The second account, which has a higher level of access, was left configured with its default username/password. They also neglected to inform the customers (you) and their own technicians who did the install about this second account. As every Unifi user is 'forced' to use this router and this account has not been configured properly, every Unifi user is also vulnerable to having their routers accessed by unauthorized users simply by using this default account user/password combination.

Q: So what if outsiders can access my router? What does this mean?
A: The Unifi router is not just a simple box that sits on your network. It can be considered to be a full computer system and has the capability to run any executable that's made for it. Since an outsider can access your router, he can also do the following:

- Turn your router into a proxy; if he commits any crimes online it will be traced back to you instead and you will take the fall for it
- Use your 10/20mbps Unifi account so he doesn't have to pay for his
- Use up your bandwidth quota (once quotas are implemented) as much as he wants and you will pay for it
- 'Spy' on your Internet connection and view every site you are visiting
- Forward all connections to your home PC using DMZ, making your home PC completely vulnerable to Internet attacks.. if you have an open NAS (network attached storage) on your home network, he will be able to access all your files

And the list goes on and on..

Q: So how can I fix this?!
A: Make sure remote management is disabled (as it is enabled by default). With this enabled, anybody with this default user/pass combination can access your home router and perform the attacks I mentioned above. This fix, however, doesn't prevent people on your own LAN network from accessing the router. If you are running an open Unifi hotspot (shop wifi, etc.) and you are using the default DIR-615 router, the only fix is to access this second account and change the password.

I've uploaded a Router Security guide and VLAN bridging guide (to use your own hardware with Unifi) on my website @ http://unifi.athena.my

This post has been edited by rizvanrp: Jun 12 2010, 08:19 PM
xxmetalhead86xx
post May 29 2010, 07:21 AM

Getting Started
**
Junior Member
217 posts

Joined: Feb 2008
From: Sunway/Kuching


wooo nice info.... pro la u...
YoYaYo
post May 29 2010, 07:27 AM

New Member
*
Junior Member
18 posts

Joined: Apr 2007
Wow... this should be ... a STICKY!


Zepx
post May 29 2010, 07:30 AM

Regular
******
Senior Member
1,230 posts

Joined: Dec 2005
Good share rizvanrp!
MX510
post May 29 2010, 07:31 AM

Love Me Sin Hate Me Sinner
*******
Senior Member
3,846 posts

Joined: Aug 2005
From: Earth



Flash to dd-wrt n disable the remote management
palmjack
post May 29 2010, 07:38 AM

Getting Started
**
Junior Member
84 posts

Joined: Feb 2005
@Riz thank you very much for this headsup.

Moogle Stiltzkin
post May 29 2010, 07:42 AM

Look at all my stars!!
*******
Senior Member
3,507 posts

Joined: Jan 2003

TIME TO MASS COMPLAIN TO CFM. EVERYBODY On your mark.... GO!!



As an afterthought, I hope they don't delay Unifi in my area because of this

This post has been edited by Moogle Stiltzkin: May 29 2010, 07:56 AM
morpheuzneo
post May 29 2010, 07:59 AM

Getting Started
**
Junior Member
231 posts

Joined: Jul 2008
thanks rizvan for sharing..!

great info for all of us - whether already a subscriber or not yet one.. (me lah..)

now next step :

1. Is there anything good we can do with this info?

2. Any setting that we can change to improve our speed / bandwidth? (maybe basic 5mb upgrade to 10?)


zenquix
post May 29 2010, 08:35 AM

Life is short!
******
Senior Member
1,767 posts

Joined: Jan 2008


thanks for the heads-up. was digging thru the router and think i found the account... luckily i already disabled remote management

Edit: and i found the password. very tempted to change it...

This post has been edited by zenquix: May 29 2010, 08:38 AM
Moogle Stiltzkin
post May 29 2010, 08:43 AM

Look at all my stars!!
*******
Senior Member
3,507 posts

Joined: Jan 2003
Just curious what is their purpose for doing this ???

1. more control to monitor unifi user usage ???

2. customer service support to help configure modem and router ???


Reason 1 i don't need, 2 i don't need if it means reason 1 :/

For Unifi should i get VPN ;x ??

This post has been edited by Moogle Stiltzkin: May 29 2010, 08:44 AM
xxerton
post May 29 2010, 09:06 AM

Getting Started
**
Junior Member
62 posts

Joined: Apr 2006
hahaha i had a good laugh...
TM such a big corporate could afford such half-past-six cowboy solution
kons
post May 29 2010, 09:10 AM

Конс
Moderator
5,732 posts

Joined: Oct 2004



It's normal for UniFi or normal DSL broadband.
Those guys who installed the Riger modems at my new house last time also enabled remote management and locked out the admin mgmt account.
I have replaced them straight away.

As long as it's RJ45/RJ11, I guess it's always possible to use our own equipment.

gkl83
post May 29 2010, 09:40 AM

Look at all my stars!!
*******
Senior Member
8,241 posts

Joined: Nov 2004
is it possible or legal to replace TM's DIR-615?
Moogle Stiltzkin
post May 29 2010, 09:44 AM

Look at all my stars!!
*******
Senior Member
3,507 posts

Joined: Jan 2003
QUOTE(gkl83 @ May 29 2010, 09:40 AM)
is it possible or legal to replace TM's DIR-615?

I don't see why not. As long as you don't try that hack riv said possible to increase your speed to 100mb or any other speed than your subscribed speed ;x
akidos
post May 29 2010, 09:45 AM

Casual
***
Junior Member
470 posts

Joined: Apr 2008


gg ....
Sting Ray
post May 29 2010, 10:07 AM

Getting Started
**
Junior Member
149 posts

Joined: Apr 2006


hi rizvanrp, under the secondary administrator account is there any option to allow VPN passthrough? my wife's VPN connection problem is still not resolved and Unifi service centre didn't respond to my emails at all.
thomasyke
post May 29 2010, 10:49 AM

Casual
***
Junior Member
372 posts

Joined: Jun 2007
From: <20k group
If port 80 is blocked, how is facebook gonna reply to my port 80 request for Restaurant City~ =X

"but me no have webserver~"

This post has been edited by thomasyke: May 29 2010, 10:50 AM
DeanKueh
post May 29 2010, 11:44 AM

Enthusiast
*****
Senior Member
700 posts

Joined: Jul 2007
From: Malaysia
gj. someone should post this up on 'The Star' tongue.gif
infra
post May 29 2010, 11:45 AM

Getting Started
**
Junior Member
249 posts

Joined: Nov 2008
From: Penang > AmanSiara > Penang


Dlink DIR-615 default administrator login is not "admin" meh? I thought only can login as "admin" or "user" only ma...got other type of login ah??
ahpek26
post May 29 2010, 12:15 PM

Casual
***
Junior Member
462 posts

Joined: Apr 2007


Ops they're going to tell you about this but hey, you're guinea pigs and test subjects which is on the "need to know only" basis. Plus even if they tell you about it, it's not like most unifail customers would care since they don't get tech stuff like this.

Arguably tech savvy users would know what to do with it but let's face it, some people who use streamyx for 2 years and more wouldn't even know how to check their line status; remote management wha...??

I smell job opportunity from TM, ROFL.
