Sprint DSL's Security Hole Easy As 1,2,3,4
An Anonymous reader points to this Wired article, excerpting "Sprint officials acknowledged that remote access to the administrative software embedded in the ZyXel Prestige 642 and 645 modems is by default protected with a password of '1234.' But the company said users are responsible for securing the equipment, which stores login data, including the user's e-mail address and password." Wired found that more than 90% of the modems they polled were using that default password.
This is a surprise to everyone? (Score:3, Informative)
I don't know how many times in the past I've tracked hackers at work to Sprint's networks.
Getting a reply or action from Sprint Security is non-existent. I guess it takes an article published in 'Wired' to get action from them.
Sprint and Prodigy are renowned for not working with customers in addressing security issues.
Dolemite
_________________________________
Pacific Bell (Score:3, Informative)
This only applies to business customers who ordered the router option instead of a bridge.
Re:Home users (Score:5, Informative)
Lots of switches and other equipment come with hardware passwords. When these are lost, you can call the company and get a password by reading off a serial number identifier off of the equipment. When you enter that password, the machine is reset and all information previously on it is gone.
That would be good enough for most users in any event.
What Sprint Told Me (Score:5, Informative)
Thank you for your recent e-mail. I appreciate the opportunity to address your inquiry.
You have reached local password reset only. Please contact your local telephone company for further assistance.
We appreciate your business. If we can be of further assistance concerning
your Sprint service, please visit us at http://www.sprint.com, or you may email us at customer.servicenet@mail.sprint.com.
Aside from the total lack of security by default, and their insistence on routing everything from the Seattle area through Fort Worth, which is 100ms away on Sprintlink, they have been pretty good.
Re:Not Sprint's fault... (RTFA) (Score:5, Informative)
Now, whose fault isn't it again?
Re:As I've always said (Score:3, Informative)
Some people [google.com] are pretty opinionated [powells.com] about that, in fact.
My ZyXEL 600 had this problem... (Score:5, Informative)
To do this, at least on my 600:
1. Telnet in (make sure you have vt100). On my LAN, the Zyxel is set at 192.168.1.1 -- I don't know how Sprint has it.
2. Use the default 1234 password, and then hit return to log in.
3. At the menu, type "23" and return. 23 is the option for the "System Password" page.
4. Now type the old and new password (twice) using the TAB key to skip fields. Don't pick something obvious.
5. Go down to where it says "Enter here to CONFIRM or ESC to CANCEL" and hit ENTER/RETURN to save your new password. (You may be asked to confirm that you want to do this.)
6. When you get back to the main menu, exit your telnet session by typing "99".
7. Try telnetting in again using 1234 and make sure it doesn't work. Now try to use your new password.
8. Profit.
I'm guessing that if these aren't the exact instructions for the later Prestiges, it'll be pretty close.
Even better than changing passwords is to disable remote login from outside the local network. (I hear this is the default on new Prestige modems.) Or, depending on how insecure your LAN is, you can assign particular IPs permission to get in and block all others. This is accomplished using a "filter", just like with a firewall.
To block incoming telnet sessions on the WAN, check out this page [securiteam.com]. This page also offers a "probe" [dragon.roe.ch] you can use to discover vulnerable modems.
Finally, check this list [phenoelit.de] for common default passwords. This is an important page, so check it for any equipment you might be using.
W
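The steps above are a manual check against one modem. What follows is an added example, not code from this post, from ZyXEL or from Sprint: a small Python audit that connects to a telnet console, submits the factory default "1234", and classifies the host as no-telnet (connection refused or no password prompt), default-accepted, or default-rejected. It is exercised against a constructed loopback stand-in for a Prestige console so it runs offline. Assumptions, not verified against real hardware: the console greets with a "Password:" prompt, re-issues that prompt when the password is rejected, and prints a menu containing the word "Menu" after a successful login. The fake console, its menu text, the host labels and the port numbers are all constructed for the demo.

```python
import socket
import threading
import time

# Factory default cited in the Wired article for the ZyXEL Prestige 642/645.
FACTORY_DEFAULT = "1234"


def _recv_until(sock, needles, timeout=2.0):
    """Read from sock until one of `needles` appears, the peer closes, or timeout."""
    sock.settimeout(timeout)
    buf = b""
    try:
        while not any(n in buf for n in needles):
            chunk = sock.recv(1024)
            if not chunk:
                break
            buf += chunk
    except socket.timeout:
        pass
    return buf


def check_telnet_password(host, port=23, password=FACTORY_DEFAULT):
    """Classify a telnet console as 'no-telnet', 'default-accepted' or 'default-rejected'.

    Assumption (not verified on a real Prestige): the console prompts with
    'Password:', repeats that prompt on a bad password, and shows a menu
    otherwise.  Telnet option negotiation bytes (IAC ...) that a real device
    may send are tolerated because only substrings are matched.
    """
    try:
        sock = socket.create_connection((host, port), timeout=3)
    except OSError:
        return "no-telnet"  # refused or filtered: the desired state on the WAN side
    with sock:
        greeting = _recv_until(sock, [b"assword:"])
        if b"assword:" not in greeting:
            return "no-telnet"  # something answered, but not a password prompt
        sock.sendall(password.encode() + b"\r\n")
        reply = _recv_until(sock, [b"assword:", b"Menu"])
        if b"assword:" in reply:
            return "default-rejected"
        return "default-accepted"


def fake_prestige_console(password, port_out, stop):
    """Constructed stand-in for a Prestige telnet menu, listening on loopback.

    Only the two behaviours the check relies on are simulated: a password
    prompt, then either a main menu or a repeated prompt.
    """
    srv = socket.socket()
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    srv.settimeout(0.2)
    port_out.append(srv.getsockname()[1])
    while not stop.is_set():
        try:
            conn, _ = srv.accept()
        except socket.timeout:
            continue
        with conn:
            conn.settimeout(2.0)
            conn.sendall(b"Password: ")
            try:
                attempt = conn.recv(64).strip()
            except socket.timeout:
                continue
            if attempt == password.encode():
                conn.sendall(b"\r\nPrestige Main Menu\r\n  23. System Password\r\n  99. Exit\r\n")
            else:
                conn.sendall(b"\r\nPassword: ")
    srv.close()


def run_demo():
    """Audit three constructed targets and return {label: status}."""
    stop = threading.Event()
    threads, targets = [], {}
    for label, pw in (("left at factory default", "1234"), ("password changed", "correct horse")):
        port_out = []
        t = threading.Thread(target=fake_prestige_console, args=(pw, port_out, stop), daemon=True)
        t.start()
        while not port_out:
            time.sleep(0.01)
        threads.append(t)
        targets[label] = port_out[0]
    # A port with no listener stands in for a modem whose WAN-side telnet is filtered.
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    targets["telnet filtered"] = probe.getsockname()[1]
    probe.close()
    try:
        results = {label: check_telnet_password("127.0.0.1", port) for label, port in targets.items()}
    finally:
        stop.set()
        for t in threads:
            t.join()
    return results


if __name__ == "__main__":
    for label, status in run_demo().items():
        print(f"{label:26s} -> {status}")
```

Against real units, point `check_telnet_password` at the modem's WAN address from outside the LAN: "default-accepted" means the box is still wide open, "default-rejected" means the password was changed but the console is still reachable, and "no-telnet" is what a filter on port 23 should produce.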
Re:Totally unprofessional (Score:2, Informative)
And testing the doorknob on every store on your street is multiple sets of felony B & E, right?
This is why the police wait for the burglar to actually _enter_ the house before charging them (well, actually, if they don't like the guy, they'll wait till he exits with an armload of swag), just like they wait for a hacker to _do_ something before charging them with a crime.
If you don't want anyone testing your lock, don't have one in a place they can test it.
Re:This is a surprise to everyone? (Score:2, Informative)
Even though my AMX router actually has an "external access" tickbox, unticking it doesn't actually stop the router responding to http and ftp from the WAN side. So I configured it to forward those ports through to the LAN side and let my PC say "connection refused" instead.
Sprint Posted Instructions (Score:1, Informative)
Sprint posted at its DSL support site [sprintdslhelp.com] today some instructions on how to disable remote management in the ZyXel P645 modem. They are available in PDF here [sprint.com]
In a nutshell, they instruct you to use the unit's system management software to turn on some filters that block incoming ports 80, 21, 23 and 69.