Vulnerabilities on MT FTTH Routers


It’s been long since I’ve posted to my blog and this one will be a short post.

So, as the title says, this post is about some security flaws, we can call them, in those new FTTH modems deployed by MT in its fiber coverage project. I stumbled across it through a podcast by Hackers.mu, a Mauritian group with technical abilities working towards Internet Security and Awareness. You can watch it here.

The modems are from Huawei, precisely Huawei HG8245H.

Apart from the default username and password given to all modems (the telecomadmin thing), it seems that the telnet connection too has a default password.

Telnet, in simple words, is an unencrypted command line interface you use to connect to a device and communicate with it to get information, set parameters and the like.

So, apart from the usual web interface, you (the geeks or tech enthusiasts out there) can connect to your modem and configure it from the command line, using Terminal on Linux/Unix boxes or PuTTY on Windows machines. But not only you: anybody on your network can do it, and, if clever enough, people from outside your network too.

Well, to save you from mishaps, I will not enumerate the endless things that bad-intended people can do with your modem under your command. DO NOT FORGET THAT YOUR TELEPHONE LINE IS NOW CONNECTED DIRECTLY TO YOUR MODEM (understand unsolicited premium international calls or 303-Bolom-Noel calls [did many of that long ago 😛 ]):

  • First, change the default login password to the Web User interface by going to http://192.168.100.1 . Log in and navigate to System Tools > Modify Login Password and set a hard-to-guess-easy-to-remember password. (Please do not forget or lose it, as it may be a hassle to get it back. Plus, you will need it when MT guys show up for some repair or service.)
  • Next, disable the telnet service by moving to Security > ONT Access Control Configuration and UNTICK the ENABLE THE LAN-SIDE PC TO ACCESS THE ONT THROUGH TELNET.
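
To confirm that the second step actually took effect, here is a small check you can run from a PC on your LAN. It is an added example, not part of the original post; it assumes telnet listens on the standard TCP port 23 and the web interface on port 80 (the post gives only the address), and the function names are made up for illustration.

```python
import socket

ONT_ADDR = "192.168.100.1"  # LAN address of the modem, from the steps above
TELNET_PORT = 23            # assumption: standard telnet port
WEB_PORT = 80               # assumption: plain-HTTP web interface


def port_state(host, port, timeout=3.0):
    """Classify a TCP port as 'open', 'closed' or 'no-answer'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"      # device answered and refused the connection
    except OSError:
        return "no-answer"   # timeout, unreachable host, filtered port


def verify_hardening(host=ONT_ADDR, telnet_port=TELNET_PORT, web_port=WEB_PORT):
    """Return a verdict on whether LAN-side telnet is really off."""
    if port_state(host, telnet_port) == "open":
        return "TELNET STILL ENABLED"
    # A dead telnet port proves nothing if we are not reaching the modem at
    # all (wrong address, unplugged cable), so confirm the web UI answers.
    if port_state(host, web_port) != "open":
        return "inconclusive"
    return "telnet disabled"


if __name__ == "__main__":
    print(f"{ONT_ADDR}: {verify_hardening()}")
```

This only checks the LAN side from the machine you run it on; an "inconclusive" result means the modem itself was not reachable, so re-check the address and cabling before trusting it.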

That’s not all of the vulnerabilities, but this should get you started on being better protected.

I wrote an open letter to Mauritius Telecom with solutions on how to counter the flaws. You can read it here: 

http://irshaad.me/wp/open-letter-to-mauritius-telecom/

That’s it for now, friends. More blog posts with awesome stuff coming soon !!

By the way, I really like the FTTH service by MT, the step taken to provide better Internet connectivity. Not enough, but a good leap forward. Thanks MT

Brief Update #1 – 17 Oct 17 – 00:00 GMT+4

There are two accounts (or maybe more) on the routers provided by MT. One with the username root and the other telecomadmin. The root one is just a customer user interface with limited options, but the telecomadmin one has the features mentioned above. So make sure you get both of their passwords secured.

Till then,

Irshaad


Image courtesy of huawei.com