Article 19: Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.
Universal Declaration of Human Rights

Sunday, August 15, 2010

Aku xtau la betul ke dak..


Warning To All Unify User

You know, the first day I got Unifi, I asked you guys (TMnet) if I would be able to use my own router. Well you said no. When I discovered the SSH daemon running on the router (which used a different password than the web user interface), you said you couldn't disclose the password. An hour ago, I discovered that password and the reason why you won't give it out.

TM, you basically planted a bloody backdoor in everyone's DIR-615 router.

user posted image

What is this? What are all these hidden options in this special account you neglected to tell us about? You mean to say I could have used my own router all along? You mean people spent >RM1000 on Cisco grade equipment just because you didn't want to tell them about this?

user posted image

You mean in a sample group of 900 nodes, 600 of them who think their networks are 'secure' are actually completely open? Even those companies on Unifibiz which use the same router? WOW..

That's right guys, TM named the "administrator" account on the DIR-615 as "admin" when there was actually a secondary administrator account with a higher access level. The VLAN settings were never locked out, that account which we all assumed was the admin (because they told us so) was actually a noob piece of shit with <60% access to the router. This account has the same user/pass across every Unifi router that has been given out so far and cannot be changed or even seen with the default 'admin' account.


What's the fix?

user posted image

Untick remote management. If you have a firewall on it, block all the ports (TCP 22/23/80/8080/443) from WAN access.


UPDATE : If you're a Unifi user on firmware 7.05, if you read everything in the management page you can find the username for this account. The pass is the same, once you get access log in and reconfigure your router security properly. I can't believe not a single technician set this account up properly.



Some less tech-savvy people have asked me what this all means.. so here goes -

Q: What is this and how is this possible?
A: Every consumer router has a username/password combination to access it. This is a basic security feature to ensure that only you (the owner) can access it. This Unifi router however, has two accounts by default. When TM installed Unifi in your home/office, they only configured the first account. The second account -- which has a higher level of access was left configured with its default username/password. They also neglected to inform the customers (you) and their own technicians who did the install about this second account. As every Unifi user is 'forced' to use this router and this account has not been configured properly, every Unifi user is also vulnerable to have their routers accessed by unauthorized users simply by using this default account user/password combination.

Q: So what if outsiders can access my router? What does this mean?
A: The Unifi router is not just a simple box that sits on your network. It can be considered to be a full computer system and has the capability to run any executable that's made for it. Since an outsider can access your router, he can also do the following :

- Turn your router into a proxy, if he commits any crimes online it will be traced back to you instead and you will take the fall for it
- Use your 10/20mbps Unifi account so he doesn't have to pay for his
- Use up your bandwidth quota (once quotas are implemented) as much as he wants and you will pay for it
- 'Spy' on your Internet connection and view every site you are visiting
- Forward all connections to your home PC using DMZ, making your home PC completely vulnerable to Internet attacks.. if you have an open NAS (network attached storage) on your home network, he will be able to access all your files

And the list goes on and on..

Q: So how can I fix this?!
A: Make sure remote management is disabled (as it is enabled by default). With this enabled, anybody with this default user/pass combination can access your home router and perform the attacks I mentioned above. This fix however, doesn't prevent people on your own LAN network from accessing the router. If you are running an open Unifi hotspot (shop wifi, etc) and you are using the default DIR-615 router, the only fix is to access this second account and change the password.

I've uploaded a Router Security guide and VLAN bridging guide (to use your own hardware with Unifi) on my website @

No comments:

Post a Comment