
Verizon Changing Users' Router Passwords

timothy posted more than 3 years ago | from the has-this-happened-to-you? dept.

Networking 545

Kohenkatz writes "I have Verizon FIOS at home and my Verizon-supplied Actiontec router had the password 'password1' that the tech assigned to it when he set it up three years ago. I received an email from Verizon that said 'we have identified that your router still had a password of either password1 or admin1 and we have changed it to your serial number.' I checked and it actually had been changed. I believe this to be in response to the Black Hat presentation about the hackability of home routers. I am upset about this because Verizon should not have any way to get into my router and change the settings, especially because I own the router, not them! I looked in the router's settings and I see port 4567 goes to the router and is labeled 'Verizon FIOS Service.' Is this port for anything useful other than Verizon changing settings on my router? What security measures does Verizon have to protect that port from unauthorized access?"


545 comments


first post! (-1, Offtopic)

Anonymous Coward | more than 3 years ago | (#33102784)

if you were first instead of password1, you would not have had any trouble. I had lots of trouble deciphering the summary, though...

Re:first post! (-1)

Ethanol-fueled (1125189) | more than 3 years ago | (#33102824)

I am upset about this because Verizon should not have any way to get into my router and change the settings, especially because I own the router, not them!

You own the router they pwn the router amirite? Lolz!

Re:first post! (4, Funny)

0100010001010011 (652467) | more than 3 years ago | (#33103032)

All I see is:

if you were first instead of *********, you would not have had any trouble. I had lots of trouble deciphering the summary, though...

Good (0)

Anonymous Coward | more than 3 years ago | (#33102796)

I always have fun when I find abusive hosts on my site using the default login information. I log in and FUBAR up their settings and reboot their router.

uhhh (5, Insightful)

buddyglass (925859) | more than 3 years ago | (#33102802)

Maybe they were able to access your router because the password was still password1 ?

Re:uhhh (5, Insightful)

cosm (1072588) | more than 3 years ago | (#33102832)

End of thread. No further comments are necessary.

Re:uhhh (0)

Sarten-X (1102295) | more than 3 years ago | (#33102860)

Nonsense. They MUST have some kind of backdoor [phenoelit-us.org], totally uprooting the comprehensive security scheme he has in place! All those laser beams, automatic turrets, and asymmetric cyphers are useless now, all because of Verizon! It's all their fault! </sarcasm>

Re:uhhh (2, Informative)

Kohenkatz (1166461) | more than 3 years ago | (#33102880)

I thought that blocking administrative access from WAN would have been enough.

Re:uhhh (4, Insightful)

phoenixwade (997892) | more than 3 years ago | (#33103010)

I thought that blocking administrative access from WAN would have been enough.

I'm gonna get modded troll for this, but "Thinking" was not what you were doing.

You missed thinking in three key ways:

  • You didn't change the default password to something other than a common default password
  • You apparently were upset by them doing you a favor and changing the password
  • And the least amount of thinking in this entire thing: You told the Slashdot community about this? You deserve everything you are about to read.

Re:uhhh (0)

Anonymous Coward | more than 3 years ago | (#33103216)

Shut the fuck up n00b. The router is defective if it can be administered from the WAN side, even after shutting that misfeature off.

unauthorized access is unauthorized (2, Insightful)

Anonymous Coward | more than 3 years ago | (#33102902)

It doesn't matter what his password was, they broke into his router illegally.

Re:unauthorized access is unauthorized (2, Insightful)

blackraven14250 (902843) | more than 3 years ago | (#33102972)

No, they entered a router which they lease to him with the intention of making their network more secure. You don't get the right to update your firmware just using your own modem on a cable network, so this is likely covered by the contract.

Re:unauthorized access is unauthorized (3, Informative)

flosofl (626809) | more than 3 years ago | (#33103228)

You don't get the right to update your firmware just using your own modem on a cable network

Yes, I do. And have. However, if an update borks my connection, I'm shit out of luck as far as support from them is concerned. (I made a point of looking at my TOS when I did the update to make sure they couldn't kick me off for doing it).

Re:unauthorized access is unauthorized (1)

cosm (1072588) | more than 3 years ago | (#33103014)

Verizon-supplied Actiontec router had the password 'password1.'

Saying that it is purely 'his' could be questioned. It is hardware that they supplied him, and he is operating it on their network. I am not disagreeing completely with the moral stickiness of what they did, but a blanket 'it is illegal' statement would have a tough time in court, considering the weight these telcos have in terms of money and lawyers. Despite good idealistic intentions in defending the poster's disdain, unfortunately the real world will have much less pity and sympathy.

Re:unauthorized access is unauthorized (2, Informative)

Nikkos (544004) | more than 3 years ago | (#33103088)

So what if they sold it to him? If it's his, and they accessed it without permission (no matter what the password) then they broke the law.

Re:unauthorized access is unauthorized (2, Insightful)

blackraven14250 (902843) | more than 3 years ago | (#33103128)

Not if the router is leased rather than owned. Since that's the way most internet companies work, I'm going to bet it's leased, and there's a clause in the contract that lets them access it for security purposes.

Re:unauthorized access is unauthorized (1)

Threni (635302) | more than 3 years ago | (#33103174)

I was surprised to read, in the small print of some of the UK ISPs, that it's common for you to not own the router.

Re:unauthorized access is unauthorized (1)

IconBasedIdea (838710) | more than 3 years ago | (#33103164)

I may very well be wrong here, but I don't think Verizon will sell a customer their modem. They rent them.

Re:uhhh (2, Insightful)

Alsee (515537) | more than 3 years ago | (#33102928)

About 12 out of the 20 posts so far all say the same thing. It's time to kill this entire story. It never should have appeared in the first place.

-

Re:uhhh (1, Interesting)

commodore64_love (1445365) | more than 3 years ago | (#33102956)

>>>Maybe they were able to access your router because the password was still password1 ?

A UK citizen who used a similar backdoor (typed the default password) to get into a US computer is now being raked-over-the-coals and threatened with exportation & 20 years imprisonment by the current administration. If it wasn't okay for him to enter a privately-owned computer, why is it okay for Verizon to enter a privately-owned router?

Answer: It isn't. Sue them.

Oh and this behavior is typical considering Verizon used to be part of the Bell Monopoly. They used to consider any and all devices attached to their phonelines as their property - apparently they have not changed that way of thinking, even though it's no longer true.

Re:uhhh (3, Insightful)

commodore64_love (1445365) | more than 3 years ago | (#33103056)

>>>A UK citizen...threatened with exportation & 20 years imprisonment by the current administration.

Also this is a clear indication of a double standard and inequality under the law. If a government or corporation leaves the password as 'password1' and a citizen enters that computer, then the citizen will be severely punished. BUT in the opposite case of government/corporation entering a citizen's private computer or router?

That's okay.

Re:uhhh (0)

Anonymous Coward | more than 3 years ago | (#33103142)

>>>Maybe they were able to access your router because the password was still password1 ?

A UK citizen who used a similar backdoor (typed the default password) to get into a US computer is now being raked-over-the-coals and threatened with exportation & 20 years imprisonment by the current administration. If it wasn't okay for him to enter a privately-owned computer, why is it okay for Verizon to enter a privately-owned router?

Answer: It isn't. Sue them.

Oh and this behavior is typical considering Verizon used to be part of the Bell Monopoly. They used to consider any and all devices attached to their phonelines as their property - apparently they have not changed that way of thinking, even though it's no longer true.

Although we don't know for sure, more than likely this isn't a privately owned router. In almost all cases in the US, telecom and cable companies lease equipment to the customer, not sell it to them. The customer pays a monthly fee and is required to send the equipment back when canceling service. So in this case, they are accessing their own equipment. This is also nothing new... These companies automatically update the firmware on routers and set top boxes all the time. On top of everything else, it's probably in the fine print of the contract/user agreement that allows Verizon to access the router (but most people never bother to read such agreements before they sign).

In short, as others have said, nothing to see here. It's a non-story.

Re:uhhh (0)

Anonymous Coward | more than 3 years ago | (#33102978)

Routers (also the ones sold 3 years ago) typically restrict configuration access to clients from the router's LAN. So Verizon must at least have changed the default configuration to allow WAN access. Which legitimates the question.

Re:uhhh (1)

syousef (465911) | more than 3 years ago | (#33103006)

Maybe they were able to access your router because the password was still password1 ?

I think he would have preferred that they left his password alone and that instead some malicious hacker got in there and really did some damage. I wonder what feat of administrative magic he could do? Perhaps reset the router to default settings (removing any back doors he's worried about) and setting his own damn password. Nah, that would require taking some personal responsibility. Much better to yell "I've fallen and I can't get up" on a public board. What was your IP address again? You've broadcast that you don't secure your equipment, but you just haven't made it easy enough for every hacker on the planet to p0wn you.

Summary: Problem behind keyboard. IDIOT.

FIOS Actiontec routers (0)

Anonymous Coward | more than 3 years ago | (#33103040)

You may be correct, but my Verizon-provided Actiontec router has non-deletable port forwards to the router and the cable boxes on our network. And despite having the firmware updater set to "do not check for updates" the firmware has upgraded itself twice. So Verizon has some kind of backdoor that can at least upgrade a pushed firmware.

I like Verizon and like the idea of them protecting from stupid passwords, but they do control their end user's router. If users don't like it or suffer from the NAT table overflow issue on some Actiontecs, you can put in another router. There are instructions on how because there can be some issues with the cable boxes in some MOCA configs over coax.

Re:uhhh (1)

rolfwind (528248) | more than 3 years ago | (#33103146)

I have to check, but I have the same Actiontec router and I believe the default setting is not to allow anyone not in the internal network to change settings or even remotely access it or log in, even if you have the correct password. This would seem to circumvent that.

Re:uhhh (3, Informative)

Ksevio (865461) | more than 3 years ago | (#33103154)

No, they were able to because they used their backdoor which has its own password to log in and change it.

Realistically the password of the router doesn't matter if you have remote management turned off, but Verizon thinks that people are going around cracking the WEP keys and changing people's routers.

They did the same to my router so I blocked port 4567.

Then change your password (5, Insightful)

Anonymous Coward | more than 3 years ago | (#33102806)

Maybe they were able to change it because you were too lazy to do it in 3 years. For the first time, I think Verizon did the right thing in this case instead of letting stupid users be online and get potentially hacked and become a nuisance to the internet.

Re:Then change your password (1)

Kohenkatz (1166461) | more than 3 years ago | (#33102894)

Maybe they were able to change it because you were too lazy to do it in 3 years.

Not lazy. I thought other precautions would be enough.

Re:Then change your password (2, Informative)

jasen666 (88727) | more than 3 years ago | (#33103070)

There's no protection for having a stupid password to gain entry to a system.
You may as well have not had one.

Re:Then change your password (1)

IconBasedIdea (838710) | more than 3 years ago | (#33103100)

OK, not lazy, but certainly technologically naive.

Re:Then change your password (1)

Idbar (1034346) | more than 3 years ago | (#33103178)

Also, as far as my contract says: It's not my router unless I've been with them for more than 2 years.

Do some research? (0)

Anonymous Coward | more than 3 years ago | (#33102812)

Did you see what happens if you try to go to port 4567 from an outside host?

What security measures does Verizon have to protect that port from unauthorized access?
Making sure people don't have the password of password1.

Putting things in perspective (4, Insightful)

BondGamer (724662) | more than 3 years ago | (#33102818)

You had kept your password as password1, yet are complaining about Verizon being able to change your password?

Use a different router (1, Interesting)

Anonymous Coward | more than 3 years ago | (#33102822)

Seems like an easy solution to me. If you have to have their router for the FiOS TV just put the router behind whatever you replace it with. There is a good guide on how to do this on the dd-wrt website.

Re:Use a different router (1)

Kohenkatz (1166461) | more than 3 years ago | (#33102906)

I can't. They set me up with coax instead of CAT-5.

Re:Use a different router (0)

Anonymous Coward | more than 3 years ago | (#33102930)

Then you're a noob.

Re:Use a different router (1)

Kohenkatz (1166461) | more than 3 years ago | (#33102960)

No, the person who was home for the installation is a noob. I was upset when I came home and found out.

Re:Use a different router (0)

Anonymous Coward | more than 3 years ago | (#33102984)

BNC RJ45 Adapter [lmgtfy.com]

Re:Use a different router (0)

Anonymous Coward | more than 3 years ago | (#33103192)

Fail. Good luck using a passive balun to convert DOCSIS or whatever it is Verizon uses for coax to RJ45 Ethernet.

Lucky (0)

Anonymous Coward | more than 3 years ago | (#33102828)

You're lucky Verizon changed your password before someone else did.

It's up to you (1, Insightful)

C0vardeAn0nim0 (232451) | more than 3 years ago | (#33102834)

If you had changed the password yourself, this wouldn't have happened.

Perhaps a little cheese with that whine? (3, Insightful)

wiredlogic (135348) | more than 3 years ago | (#33102836)

Every broadband provider has access to the modems connected to their network to perform maintenance and updates as necessary. It's part of the fine print you agreed to. If you didn't want them getting into your router configuration you should have changed the default password.

Re:Perhaps a little cheese with that whine? (5, Informative)

thestuckmud (955767) | more than 3 years ago | (#33103108)

My provider allows third party modems. Absent a conspiracy between manufacturers and providers, there is no way they can force updates on my equipment.

You are correct about the fine print, though. They reserve the right to update their software on my equipment (including computers). The simple solution there is not installing their software in the first place.

Re:Perhaps a little cheese with that whine? (1)

blackraven14250 (902843) | more than 3 years ago | (#33103176)

I would be very suspicious that you're not correct, at least if you're dealing with cable. I own a modem on my cable line, yet Comcast updates the modem with firmware (via a push) periodically. I have no control over that.

WRONG (1, Insightful)

Anonymous Coward | more than 3 years ago | (#33103160)

They can do what they want to stuff they own.
THEY are not allowed to update my modem OR router unless I give permission
and that's why they call it UPDATING YOUR FIRMWARE IN THE TOOLS SECTION.

Regardless, this poster is a complete noob; technically, however, what Verizon did do was against most laws even if it had the best interest at heart.

IT'S like a hacker breaking into YOUR website and leaving you a note he updated all your software that was vulnerable.
IT'S STILL AGAINST THE LAW

stupid (0)

Anonymous Coward | more than 3 years ago | (#33102838)

Perhaps you should have changed the password yourself when you got the router; instead of whining about Verizon trying to fix it for you?

I'm upset (3, Insightful)

OverlordQ (264228) | more than 3 years ago | (#33102840)

I am upset about this because Verizon should not have any way to get into my router and change the settings, especially because I own the router, not them!

I'm upset they let people like you on the internet. Change your passwords from the default and use something secure. Instead of waiting for somebody to do something fun like log in remotely to your router using the default login and hosing your settings so your internet goes down.

Re:I'm upset (2, Informative)

Kohenkatz (1166461) | more than 3 years ago | (#33102926)

You can't get in to my router from outside except on Verizon's maintenance port - and I didn't know they can do password changes from there.

Not a huge deal (1)

Nerdfest (867930) | more than 3 years ago | (#33102844)

I'm assuming that by "and it had actually been changed" you mean that they changed it, not that you did before them. If you had the password left as its initial value, they set this for you, and the change they made did the same, just to a more secure value. If they changed your password even though you had already done it, my apologies, as that ain't right. I would hope that if you changed your password to a custom value, they have no way to change anything on your router.

Ummm...try changing the password! (3, Insightful)

mhkohne (3854) | more than 3 years ago | (#33102850)

If you don't want them to access the router, change the bloody password. Like you should have done 3 years ago!

Re:Ummm...try changing the password! (5, Insightful)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#33103138)

There is no particular reason to suspect that changing the password would alter their level of access.

On most consumer routers, "the password" is what controls access to the dinky webserver serving the configuration interface, on port 80, LAN side only. According to TFS, Verizon's pet routers have something listening to port 4567, WAN side. There is no particular reason to believe (and, indeed, reason to disbelieve) that the password controlling access to the port 80 web interface and the access control mechanism on the port 4567 WAN management interface are at all connected. Assuming they aren't total morons, I'd imagine that they would use some flavor of keypair auth for that one.

We would need somebody to grab the firmware for the router in question and have a look to actually settle the issue.

More to come (0, Flamebait)

U8MyData (1281010) | more than 3 years ago | (#33102852)

Get used to this. What you think is yours is not. A disturbing trend where there seems to be no end in sight.

Re:More to come (0)

Anonymous Coward | more than 3 years ago | (#33103018)

Man I wish I had mod points, you're so right...nothing is really "mine" anymore.

Yeah; what is this? (0)

Anonymous Coward | more than 3 years ago | (#33102868)

A slashvertisement for stupidity?

You're joking, right?! (3, Insightful)

dave562 (969951) | more than 3 years ago | (#33102870)

Your router was set to the default password after 3 YEARS and you're claiming to be upset that Verizon secured it for you? Are you kidding me? I'm all for letting people wallow in their own stupidity and ignorance, but come on buddy. They did you a favor. In all seriousness, they shouldn't have left it default in the first place. It should have been set to your serial number from the factory.

Just change it back then (0)

Anonymous Coward | more than 3 years ago | (#33102872)

PS you're a complete dipshit IMHO

Wow... retards abundant (4, Insightful)

Raxxon (6291) | more than 3 years ago | (#33102878)

I have Verizon FIOS. Tech came out to make sure everything worked and told me that despite the fact that I am a network engineer and it is a Business Class account that he was required as part of his job to install their crappy router and verify connectivity with it. I allowed him to do it and 20 minutes after he was out the door I had my router in place and everything secured to my specifications.

Funny enough, I haven't been contacted by Verizon about the fact that my router is insecure or has default passwords. They haven't changed the password(s) on my router or reconfigured anything other than when I called them 2 weeks ago to make them give me more speed for less money (Packages changed, double the bandwidth I had for $15/mo LESS).

Please contact Verizon, ask them to cancel your service and GTFO the internets plz.

Re:Wow... retards abundant (1)

blackraven14250 (902843) | more than 3 years ago | (#33103004)

Apparently, Verizon isn't trying to access routers that aren't their own property. Shocker.

Re:Wow... retards abundant (1, Troll)

gearloos (816828) | more than 3 years ago | (#33103054)

retards abundant? yes, apparently there are. Retards like you who don't understand the basic rights of an individual in this country. I don't care whether it was a stupid thing to do, and yes it was, but he has the right to not have his property trespassed. Let's see how Verizon would like it if you scanned everything and found one they left and changed it then sent a "there, fixed that for you" letter. Just because the guy at the gas station found your wallet and spare key, does he have the right to go in your house and change the lock? Oh, and I think it's cute how people like you call yourselves "engineer". Ever heard of the F.E, E.I.T., or P.E test? yeah sure...retards, yes there are...

Re:Wow... retards abundant (1)

blackraven14250 (902843) | more than 3 years ago | (#33103190)

It's not his bloody property. Verizon leases the router to him; he does not own it.

Re:Wow... retards abundant (1)

Raxxon (6291) | more than 3 years ago | (#33103222)

How many cars of coal do you have to have for your engine to haul 19 boxcars loaded to 85% weight capacity from Pittsburg to Detroit?

The "engineer argument" was old when I finished my CNE testing back in 1993, and it's even more played out now.

Last I checked, the router is not OWNED by the individual user on the end, it's rented as part of the contract agreement. This might have changed as I haven't looked at the newest revision of the contract they're having people agree to for new service, but if they retain ownership via that then the "end user" has NO room for complaint.

So let's see... (4, Funny)

mandark1967 (630856) | more than 3 years ago | (#33102918)

Lazy Fuck receives router with password set to password1
Lazy Fuck doesn't change it for THREE fucking years
ISP decides to secure router for Lazy Fuck since Lazy Fuck evidently cannot
ISP Emails Lazy Fuck with new password
ISP changes password so Lazy Fuck doesn't get wtfpwn3d
Lazy Fuck whines like a petulant little schoolgirl

How did this retard even find slashdot, let alone create an account and post?

Lazy fuck could be lit on fire next to a pool and he'd burn to death.

Re:So let's see... (0, Troll)

BagOBones (574735) | more than 3 years ago | (#33103030)

Damn, I wish I had some mod points, best summary yet.

Slashdot for Schmucks (1)

tengu1sd (797240) | more than 3 years ago | (#33103158)

In honor of the movie Dinner for Schmucks [imdb.com], is Slashdot holding a contest for stupid submissions? Come on, I have a device on the internet with the default password and someone changed it. Please thank the nice ISP and go back to watching reruns of Gilligan's Island on Hulu. Nothing to see here, move along.

Re:Slashdot for Schmucks (2, Funny)

WeatherGod (1726770) | more than 3 years ago | (#33103194)

Wait a minute... Gilligan's Island is on Hulu?! Awesome! Best... Thread... Ever...

This guy is a fucking idiot. (0)

Anonymous Coward | more than 3 years ago | (#33102920)

Verizon does him a favor by changing his password and he complains about it. Maybe he'd prefer having his router hacked or something. What a dipshit.

Remote Access (0)

Anonymous Coward | more than 3 years ago | (#33102922)

When I got FiOS 2 years ago, I noticed the port. In the end I just swapped the router with my WRT54G-TM w/ Tomato firmware after the Verizon tech left.

-

You're still at fault for leaving your password at the default, but Verizon should not have control over the router you own.

srsly u r dmb (1)

Junior J. Junior III (192702) | more than 3 years ago | (#33102932)

Pro tip: If the router is "yours", you might want to set a password for it that only you know.

Has there ever been a dumber article on /.? I think this is a strong candidate for winning the contest.

This is only a problem... (0)

Anonymous Coward | more than 3 years ago | (#33102934)

...If you did not change the default username/password. I am on FIOS, and this was done within 20 minutes after the installer left.

However, it is commonly known among the FIOS community at dslreports.com that port 4567 is indeed open to the outside, even when you have remote administration disabled. It is believed that this port is used by Verizon to push firmware upgrades to the hardware. The port can be closed by making a firewall rule to block traffic to the port.

More Changes (0)

Kohenkatz (1166461) | more than 3 years ago | (#33102938)

Further inspection reveals that they also wiped the router's logs. The router is supposed to log settings changes. The last stuff it has before my first login after the password change is from July 2007, even though there used to be stuff there from last time I went in.

Re:More Changes (1)

FaxeTheCat (1394763) | more than 3 years ago | (#33103048)

Do you honestly think we care?

Re:More Changes (1)

Sollord (888521) | more than 3 years ago | (#33103196)

You're renting the router; they can do whatever they wish with their hardware when it comes to securing their network. Also, this was most likely done via the coax jack via a firmware update that resets the modem and auto-generated a new password based on the router's serial; it's unlikely it's accessible without special equipment at the NOC or head end.

Yeah! (0)

Anonymous Coward | more than 3 years ago | (#33102944)

And MS shouldn't be able to fix my computer either, *I* own this unpatched, vulnerable machine!!

Or maybe... (2, Interesting)

segin (883667) | more than 3 years ago | (#33102946)

It's because the router is Verizon property and they probably have access to it no matter what your password is?

Actually, I've never used FiOS but I've always assumed that the routers remained property of Verizon, same as the set-top-boxes for television do. If someone can prove this, one way or another, I'd like to know.

P.S., on another note, has anyone tried to port a free router distro to the Westell 9100EM [verizon.net] routers specially made for Verizon as FiOS routers and MoCA [wikipedia.org] gateways? It seems Westell released the Linux-based firmware source [westell.com] which, although I've not looked at it, is probably the same Linux firmware that Verizon ships these things with, except without Verizon's branding and webapp look-n'-feel. I'm surprised that no-one has tried to port another Linux distro to it, but I guess that if Verizon owns the routers, the customers with the know-how won't bother trying.

Mom. Please stop posting stories to Slashdot (0)

Anonymous Coward | more than 3 years ago | (#33102948)

Everyone thinks you're an idiot!

a better password? (0)

Anonymous Coward | more than 3 years ago | (#33102950)

If I had been the Verizon techie I would have changed the password to dumbf@ck

Easier way to find out new password (5, Funny)

spartacus_prime (861925) | more than 3 years ago | (#33102964)

<Cthon98> hey, if you type in your pw, it will show as stars
<Cthon98> ********* see!
<AzureDiamond> hunter2
<AzureDiamond> doesnt look like stars to me
<Cthon98> <AzureDiamond> *******
<Cthon98> thats what I see
<AzureDiamond> oh, really?
<Cthon98> Absolutely
<AzureDiamond> you can go hunter2 my hunter2-ing hunter2
<AzureDiamond> haha, does that look funny to you?
<Cthon98> lol, yes. See, when YOU type hunter2, it shows to us as *******
<AzureDiamond> thats neat, I didnt know IRC did that
<Cthon98> yep, no matter how many times you type hunter2, it will show to us as *******
<AzureDiamond> awesome!
<AzureDiamond> wait, how do you know my pw?
<Cthon98> er, I just copy pasted YOUR ******'s and it appears to YOU as hunter2 cause its your pw
<AzureDiamond> oh, ok.

You'll get no sympathy here... (1)

overnight_failure (1032886) | more than 3 years ago | (#33102974)

You're lazy about security and you complain when someone actually tries to improve it because you haven't been bothered in 3 years to do it yourself.

Life must be terrible for you if this is the most you have to complain about.

Huh!? (1, Redundant)

topham (32406) | more than 3 years ago | (#33102986)

You're worried about their level of access when you left it with the default password?

Change the thing yourself. DUH.

This is News for Nerds, Stuff That Matters?!? (5, Insightful)

djlowe (41723) | more than 3 years ago | (#33102990)

Hi,

I checked and it actually had been changed.

OMG! So, you tried the new password, and it worked? Why didn't you change it then? More importantly: Why didn't you change it the first time?

I am upset about this because Verizon should not have any way to get into my router and change the settings, especially because I own the router, not them!

No, you're upset because you are clueless, though you think you are not, just discovered it and are pissed off because your router had the same password for 3 years as a result, and Verizon was forced to change it because you were too ignorant to do so yourself earlier.

I looked in the router's settings and I see port 4567 goes to the router and is labeled 'Verizon FIOS Service.' Is this port for anything useful other than Verizon changing settings on my router? What security measures does Verizon have to protect that port from unauthorized access?"

I imagine they at least understand the importance of password security, where you apparently did not.

You're not a nerd, this isn't news that matters... slow day, Timothy?

Regards,

dj

News for ... wait, who? (1, Insightful)

Anonymous Coward | more than 3 years ago | (#33103016)

Really?

How is this worth a Slashdot article?

Really? (0)

Anonymous Coward | more than 3 years ago | (#33103022)

Verizon owns the routers. They supplied it, and the router is simply on loan while you purchase their services so that you can access them. And they always have the right to adjust your system settings. That router provides access to their network at your home. They are simply trying to prevent anyone other than who lives in your household from using their network without paying.

We all know what the new password is (0)

Anonymous Coward | more than 3 years ago | (#33103036)

We all know the new password is either: password2 or admin2 now.

How sad.

It's a well-known backdoor (1)

duppyconqueror (1161341) | more than 3 years ago | (#33103060)

It's been well known for years that Verizon has a backdoor into all of the Actiontec routers that they deploy (even if the user changes the admin password, so go easy on the OP). If you're lucky enough to live in a condo complex or somewhere else where they use VDSL to provide internet access (instead of coax or the lesser-used ethernet), you don't have to use the Actiontec router, and can use something else as your Internet-facing device. My co-worker was pretty peeved when he called Verizon tech support one day and they told him that "it looks like you have wireless turned off."

I'm curious (0)

Anonymous Coward | more than 3 years ago | (#33103072)

Does this mean that router passwords are stored plaintext, or did the hash match up with the one for password1? If there's anything to draw from this story, it's that we should probably check how the passwords are being stored. Some people use similar passwords for unimportant things (both my routers and my desktop all use the same password), while still using secure ones for important things. Yes, yes, if it's all local and people are stealing the password then I probably have bigger issues than that, but still, it could be a weaker link in the chain, which is never good.
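An added example (not part of the comment above, and not Verizon's or Actiontec's code) showing that spotting a known default does not require plaintext storage: an auditor holding only salted hashes can re-hash each known default with the record's own salt. The PBKDF2 storage scheme, iteration count, record layout and sample fleet are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# The two defaults named in the story; the storage scheme below is assumed.
KNOWN_DEFAULTS = ["password1", "admin1"]
ITERATIONS = 100_000  # assumed KDF cost; real devices vary


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash as a device might store it (assumed scheme)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(serial: str, password: str) -> dict:
    """Build a constructed stored-credential record for one router."""
    salt = os.urandom(16)
    return {"serial": serial, "salt": salt, "hash": hash_password(password, salt)}


def audit(records, candidates=KNOWN_DEFAULTS):
    """Return {serial: matched_default} for records still on a known default.

    No plaintext is needed: each candidate is re-hashed with the record's
    own salt and compared in constant time against the stored hash.
    """
    flagged = {}
    for rec in records:
        for cand in candidates:
            if hmac.compare_digest(hash_password(cand, rec["salt"]), rec["hash"]):
                flagged[rec["serial"]] = cand
                break
    return flagged


# Constructed sample fleet (serials and passwords are made up).
FLEET = [
    make_record("SN-0001", "password1"),
    make_record("SN-0002", "admin1"),
    make_record("SN-0003", "c0rrect-horse-battery"),
]

if __name__ == "__main__":
    for serial, default in audit(FLEET).items():
        print(f"{serial}: still using default {default!r}")
```

The same check works against any short list of known defaults, which is why salting and hashing protect strong passwords but do nothing for a password that is already public.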

It's not your router. (1)

CuriousGeorge113 (47122) | more than 3 years ago | (#33103082)

I have Fios myself ... when I got the install done a few years back, I had my own router ready for the tech to use. When he showed up with the Actiontec, I remarked to him "Oh, I didn't know you guys were giving me a free router with my service." His reply was right along the lines of "We're not giving you a router, we're letting you use this one."

So, the way I see it ... Verizon changed the password in their router that they placed in your house. You could always .... get your own router.

Re:It's not your router. (1)

duppyconqueror (1161341) | more than 3 years ago | (#33103152)

That might vary depending on your contract. When I signed up, the advert definitely said "free router," and when I canceled, they told me to keep the router. I'm still using it for its MoCA capabilities (not as my primary router, of course, given the backdoor).

Worst post ever. (0)

Anonymous Coward | more than 3 years ago | (#33103090)

This is by far the worst post I have ever seen on Slashdot! " I am upset about this because Verizon should not have any way to get into my router and change the settings, especially because I own the router, not them!" What the hell? The password was a known default one that left your router accessible and they closed that hole. Sounds like Verizon actually took a positive action. Please take this post to Digg where I would expect to see such drivel.

At least you knew your password (3, Interesting)

IBBoard (1128019) | more than 3 years ago | (#33103114)

At least you knew your password! Sky in the UK ship out Netgear routers and don't tell you the password. I "brute-forced" it in about three attempts, but that's not the point (in fact, perhaps it is, since it was something like "admin" and "sky"!).

The worst part was that we later complained about speed issues on the line and they got back to us saying "sorry, we seem to be having problems accessing your router". Erm, yeah, that'd kinda be the point - I don't want my router open and available with any backdoors on the Internet!

In his defense... (2, Insightful)

sanosuke001 (640243) | more than 3 years ago | (#33103116)

Most routers do not allow remote administration unless you specifically enable it. If it was disabled, he shouldn't have a problem with a bad password. The router "shouldn't" allow anyone to log in remotely.

Unfortunately, we all know that not enabling something doesn't always mean it can't be accessed and he should be kicked off the internet for being ignorant.

An insider says: (2, Informative)

dicobalt (1536225) | more than 3 years ago | (#33103124)

Comcast and AT&T have access to routers that they supplied as well. This isn't limited to Verizon.

Erm.... TR-069, anyone? (5, Informative)

jimicus (737525) | more than 3 years ago | (#33103132)

AFAICT, many ISPs that supply their own routers are actively looking at (if they're not already) supplying routers which support TR-069 and setting up infrastructure to configure them.

This is a protocol intended for the management of home routers - unlike SNMP, it's got some semblance of security (it's actually based on SOAP over HTTP, optionally HTTPS) - IIRC the CPE initiates the connection and can get things like configuration and firmware upgrades automatically.

I don't see how this is drastically different in concept from cable modems, which are more-or-less invariably heavily managed using DOCSIS.
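An added example (not part of the comment above and not any ISP's code) of the SOAP message a TR-069 device sends when it initiates a session: it parses a CWMP Inform and flags a management server URL that is not HTTPS. The sample envelope, vendor name, serial and URL are constructed; the namespace and the ManagementServer.URL parameter name follow the TR-069 data model.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "cwmp": "urn:dslforum-org:cwmp-1-0"}

# Constructed sample Inform; vendor, serial and URL are made up.
SAMPLE_INFORM = """<soap:Envelope
    xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:cwmp="urn:dslforum-org:cwmp-1-0">
  <soap:Body><cwmp:Inform>
    <DeviceId>
      <Manufacturer>ExampleCo</Manufacturer><OUI>000000</OUI>
      <ProductClass>HomeGW</ProductClass><SerialNumber>SN-0001</SerialNumber>
    </DeviceId>
    <Event><EventStruct><EventCode>1 BOOT</EventCode><CommandKey/></EventStruct></Event>
    <ParameterList>
      <ParameterValueStruct>
        <Name>InternetGatewayDevice.ManagementServer.URL</Name>
        <Value>http://acs.example.net:7547/cwmp</Value>
      </ParameterValueStruct>
    </ParameterList>
  </cwmp:Inform></soap:Body>
</soap:Envelope>"""


def parse_inform(xml_text: str) -> dict:
    """Extract device identity, events and parameters from a CWMP Inform.

    ElementTree is fine for this embedded sample; use a hardened parser
    for XML that arrives from the network.
    """
    inform = ET.fromstring(xml_text).find("soap:Body/cwmp:Inform", NS)
    if inform is None:
        raise ValueError("not a CWMP Inform message")
    device = {child.tag: (child.text or "") for child in inform.find("DeviceId")}
    events = [e.text for e in inform.iterfind("Event/EventStruct/EventCode")]
    params = {p.findtext("Name"): p.findtext("Value")
              for p in inform.iterfind("ParameterList/ParameterValueStruct")}
    return {"device": device, "events": events, "params": params}


def findings(info: dict) -> list:
    """Flag management-channel settings a reviewer would question."""
    out = []
    acs = info["params"].get("InternetGatewayDevice.ManagementServer.URL", "")
    if urlsplit(acs).scheme != "https":
        out.append(f"ACS URL is not HTTPS: {acs}")
    return out
```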

You should not be upset about this (1)

mysidia (191772) | more than 3 years ago | (#33103144)

You left your router using the default password they assigned to it.

It was a default password, so of course they know it, other people know it too (who you should trust less than your ISP), and of course they can connect to it, if you can. In fact, they can require you provide them management access to the router, or opt to disconnect your service instead.

Basically, Verizon is doing you a big favor and you're being persnickety. Verizon's actions are intelligent, your actions are negligent, and your response is absolutely atrocious.

As an ISP, they should of course know the publicly reachable IP addresses of your router, and they should take reasonable steps to secure their network without excessively intruding upon their users.

You are responsible for your router, but so is your ISP. There is a shared responsibility here.

They assigned the password, so they know it, and can change it, until you change it.

I believe it is your responsibility to change it, and if you fail, they have justification in taking steps.

Changing your password for you is the least disruptive thing they can do.. serial number is not that secure, anyways... they could have instead opted to disconnect you, and wait for you to call in from a cell phone and receive instructions to change your router password and call back to be reconnected to FiOS.

a strange way to show your appreciation (1)

petes_PoV (912422) | more than 3 years ago | (#33103150)

When I read the article, my brain interpreted it as

Thank you for looking out for me and my security. I realise you didn't have to go to all that trouble - both to help save me from myself and to actually send me email to keep me aware. I can see that you are definitely on top of your customer support processes, and I promise not to call you with stoopid questions that I could easily answer for myself if I just opened the manual,

Define "supplied" (1)

UnknowingFool (672806) | more than 3 years ago | (#33103172)

The router that you have is Verizon supplied. Does that mean it comes with your service or that you are renting it? In that case technically it's not "your" router. It's theirs and they can change it if they wish. In most rental/lease agreements there are clauses that allow the owner to modify, inspect, replace, remove, etc the equipment. If you bought the router, that's another story. They shouldn't have done it but it's not the end of the world.

Tough passwords... (1)

ff1324 (783953) | more than 3 years ago | (#33103188)

Did they only change password1 and admin1? What about such winners as admin, password, 123456, and default?

You Don't Own the Router (1)

mikestew (1483105) | more than 3 years ago | (#33103204)

I've got Verizon FioS (well, Frontier now). I don't own my 9100, I seriously doubt you own the Verizon-supplied Actiontec. I'm on my third provider (fourth if you count Frontier now that they've taken over FioS), and every single one of them wants the modem back when I disconnect.

I've got fresh new mod points, but unfortunately not enough to +1 everyone who said, "you're an idiot". But I think it's the first time I've ever seen almost unanimous agreement on /.

How to disable the backdoor (5, Informative)

duppyconqueror (1161341) | more than 3 years ago | (#33103218)

http://www.broadbandreports.com/forum/r21990593-modemrouter-Remove-the-actiontec-verizon-backdoor-on-port-456 [broadbandreports.com] Haven't tried it, but worth a shot. Took a (very) little bit of googling to find which was still less effort than lambasting the OP.

Let's see here (1)

Delarth799 (1839672) | more than 3 years ago | (#33103224)

On the one hand you have a company that is protecting morons like you from malicious attacks and helping to secure your router and connection. Now they could have left this all be fine, but I wonder how would you have enjoyed this little scenario?
1. Hacker accesses your router remotely or via a malicious website because YOU never changed your password from the default.
2. Your DNS addresses are changed to use one of their DNS servers
3. You attempt to go to what you believe is a secure website, perhaps your bank's website
4. The hacker's DNS server redirects you to a spoof website that looks just like yours
5. You enter your information thinking it's your bank's website, instead you just gave them your bank information

Verizon just protected you because YOU were too lazy to protect yourself. THEY are looking after YOU, and yet all YOU can do is whine and complain because how dare they access the equipment you are leasing from them.