Posted: 11th May, 2007 By: MarkJ
Comparison site BroadbandChoices.co.uk has discovered that a "
major" ISP is leaving customer security exposed due to poorly secured remote router access. Sadly they fail to name the provider responsible:
The company recently sent an automated email to its broadband customers, informing them that it was making security improvements to its routers. It would be doing this remotely from exchanges across the country. But these so-called improvements have caused internet and internal VPN connections to break.
After analysing log files on the router concerned, www.BroadbandChoices.co.uk identified that the ISP had downloaded all the configuration settings for the modems, including important passwords. We also easily identified the login and password being used to access the router. And, with one quick Google search, we found a de-crypted version of the password being used for remote maintenance.
It's claimed that 15,000 routers could be accessed in a single scan, which would be shocking except that we don't know who they're talking about.
However the report does bare strong similarities to a case involving ISP Be Unlimited (bethere.co.uk) during April this year, where a crucial security detail about customer routers was revealed to the public
HERE.