Optus cable security threat fixed

Telco accidentally left "back door" open to hackers.
 
Learn more
 
 
 
 
 

01.Potential threat to thousands of customers

security-software-lead

Optus has fixed a security flaw that could have allowed hackers access to tens of thousands of customers’ modems, according to a Fairfax news report.

Concerningly, the flaw could allow access to customer call records, control the modem and compromise security of a customer’s local network.

Flaw found by customer

The flaw was discovered by an Optus customer, who posted it anonymously on the Optus community noticeboard. He didn’t want to reveal his identity, fearing legal repurcussions. The flaw was in the form of a “back door”, a secret password which could provide remote access for Optus technicians for troubleshooting and administration. However, in this case the password was the same as the default supplied by the modem manufacturer, and thus available to anybody. A hacker would not need to install any software or modify the equipment in any way.

While back door access for technicians is common practice, in this case the back door password was left as the manufacturer’s default password, which is the same for all users of that model. Optus doesn’t allow this password to be changed by users.

Optus repaired the flaw by remotely changing the access user name and password combinations of all affected modems. Optus reportedly said a security review is now underway and that the Privacy Commissioner would be notified.  

While the customer who discovered the security flaw stayed anonymous for fear of possible legal risk, Optus later thanked him for raising the security issue and said there would be no legal action as a result.
 
 

 

Sign up to our free
e-Newsletter

Receive FREE email updates of our latest tests, consumer news and CHOICE marketing promotions.

 
Your say - Choice voice

Make a Comment

Members – Sign in on the top right to contribute to comments