Telkom premium combo ADSL wireless router security hole

Posted on June 27th, 2007 by Richard Catto

Cape Town news has discovered a security hole in Telkom’s premium combo DSL router that allows hackers to obtain a DSL account’s username and password.

This information is then used to gain Internet access, using the DSL account, and deprives victims of bandwidth they have paid for.

The premium combo DSL router has a Remote Access feature which is disabled by default. However, this security measure is easily defeated by connecting to the router via the alternative port number.

To protect yourself from this security hole, please ensure that your router’s firewall is turned on and that your admin password has been changed to something non-trivial.

Ultimately, Telkom is liable, I believe, for this security hole, which has already been widely exploited to deny people use of the bandwidth they are paying exorbitantly for.

People who have had their bandwidth stolen in this manner may contact me if they are interested in joining a legal suit against Telkom.

Despite my efforts to get Telkom to reinstate my bandwidth, they refuse to respond to my correspondence.

Filed under bandwidth cap, bandwidth theft, DSL, DSL security hole, premium combo router, Telkom, Telkom ADSL

55 Responses to “Telkom premium combo ADSL wireless router security hole”

  1. Richard Catto Says:
    June 27th, 2007 at 19:15

    How many people, I wonder, have had their bandwidth stolen because Telkom has handed them a totally insecure router?

    We need to hold Telkom accountable for this!

    Please consider joining a legal action against Telkom.

  2. Richard Catto Says:
    June 27th, 2007 at 22:50

    I received absolutely no help from Telkom, when trying to discover how my account was compromised.

    I received a response telling me that my account had indeed been used in different locations.

    I was told to open a criminal case with the SAPS. They told me to request that a subpoena be issued compelling Telkom to divulge the identities of the people who used my accounts without my permission.

    I replied, suggesting that there were several ways they could have prevented this misuse. I felt that they should open a criminal investigation themselves, upon receipt of a complaint of bandwidth theft from a customer.

    I asked how anyone could access my router since Remote Access was disabled.

    They refused to respond to any of my follow up emails.

    Clearly, they don’t give a shit.

    Telkom allowed over 4.5GB of bandwidth to be used on one of my accounts on June 08 2007, when clearly my infrastructure could not even support that. It was also a complete departure from my normal usage.

    And Telkom has no intention of restoring that lost bandwidth to me.

  3. Marelise Says:
    June 29th, 2007 at 13:58

    The user is to blame.

    If you have a security gate installed but you do not lock the gate then you cannot blame the security company that installed the gate, you are to blame.

    In every document Telkom released on installing the ADSL modem the first thing is to change the default username and password. If you failed to follow the installation procedure then Telkom cannot be held accountable.

  4. Richard Catto Says:
    June 29th, 2007 at 18:48

    The Remote Access feature is an integral part of security. It fails to block ALL outside attempts to gain access.

    When using the easy setup CD, the installation program fails to prompt the user to change the default admin username and password.

    One has to be technically inclined to change the admin details.

    Furthermore, on previous DSL routers, despite efforts on my part, the router refused to take a new password.

    Two DSL routers previously issued to me failed and were returned for a swap out. The premium combo DSL router is the third router I have had. By the time I got to this router, I felt that any attempt to change the admin password was a lost cause, because the function failed to work on the previous two routers.

    When I received my premium combo router and plugged it in, I was immediately connected without running any setup to supply it with my username and password. Upon inspection, I discovered that it had the username and password of someone else already installed. I could have piggy-backed on someone else’s account, courtesy of Telkom’s totally absent security measures.

    I uninstalled their account and replaced it with mine, without making a note of their account details. I don’t think everyone will do this, though.

    Marelise, I categorically reject your thesis.

    The admin password is only ONE layer of security against account theft and misuse.

    Fact is, as a security measure, the Remote Access (disabled) feature is completely compromised and offers the user no security, whilst lulling them into believing that it does. It’s like a trellis door which does not lock. The door appears to be closed, but it’s opened at the flick of a switch that is accessible by the very people you wish to keep out.

  5. Jody Says:
    July 2nd, 2007 at 10:28

    How do I know if I have been a victim of this kind of thing??? I got my premium combo working yesterday and today I’m already on 850 Mb!!!! I only know of 450 Mb which I was prepared to use. Have just changed my password now … but I must admit that nowhere was I told how to do this nor was it recommended that I do it.

  6. Richard Catto Says:
    July 2nd, 2007 at 17:11

    Jody, it’s not unheard of to do over 1GB of traffic in a day, depending, of course, on what speed you are connected at.

    I am on a 512K DSL line.

    [ I wanted to upgrade to the 4MB service, but was informed that I would have to pay penalty fees to upgrade my package. Telkom would not allow me to simply pay the difference in price between a 512K and a 4MB connection. They wanted MORE! So now I am waiting for my 24 month contract to expire in December and then I will possibly upgrade to the 4MB package. ]

    If you want to know if others are using your account, you can email abuse@telkomsa.net and ask them to investigate your account. Supply them with your username and your telephone number.

    If your account has been compromised, you will have to also change the password to your account. This can be done at http://www.telkomsa.net using the password tool.

    My suggestion to Telkom was that they:
    1. not allow concurrent logins
    2. not allow my accounts to be used on any other telephone line

  7. Jody Says:
    July 2nd, 2007 at 19:38

    I have the basic 385?? kb/sec option capped at 1 gb.

    Sorry, I’m missing something here … what has my connection speed got to do with it? It’s the number and size of data packages (files) that you download that determines your usage, is it not???

    I was also wondering if we pay for both up and download or is it only downloads that are capped???

    Thanks for your assistance.

  8. Richard Catto Says:
    July 3rd, 2007 at 17:56

    Connection speed determines how MUCH data you can transfer in a given time frame.

    Of course, it is doubtful that you get the whole 384 Kilobits per second. That’s equivalent to 48 Kilobytes per second. Or 168 Megabytes per hour or 3.96 Gigabytes per 24 hours.

    My 512K connection should give me 64 KB per second. It actually gives a maximum of about 50K per second.

    Bandwidth used is all transfer, iow, both download and upload are counted.

    Anyone not getting answers and assistance from Telkom can also look at the forums on http://www.myadsl.co.za.

  9. Louw Says:
    July 9th, 2007 at 10:56

    Hi, I got the new router this weekend. I had to turn off my firewall on the router in order for my online gaming to work so I then changed my admin password out of pure paranoia. Would I be at risk leaving the setup as is? I’m trying to find an online manual; would it be possible for me to allow certain applications access on the firewall like with Windows firewall?

  10. Richard Catto Says:
    July 10th, 2007 at 05:03

    Yes, you would be at risk turning off the firewall. Although, I would estimate the risk as lowish, since you have changed your router’s administration password, hopefully to something non-trivial and which does not contain an English word.

    Please be aware that the router’s password is reset to the default one if you decide to reset your modem to the factory settings.

    Having the firewall turned on does prevent one from doing some things and therefore many users opt to turn it off, since actually setting it up to open certain ports is a non-trivial exercise.

    The modem is not user friendly. And it’s not secure.

    Please change your password, disable Remote access and keep your firewall turned on at all times if you can possibly help it.

    Also, check your bandwidth usage. If you have more than one DSL account, like myself, check your bandwidth usage on all of them regularly (i.e. daily). If you see unusually high bandwidth usage or usage on an account you haven’t begun to use yet, change the account passwords immediately and investigate your router’s settings.

    Unfortunately, vigilance is required in order to prevent bandwidth theft.
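
The daily usage check recommended in the comment above can be made mechanical. This is an added example, not part of the original post or its comments: it flags days whose total transfer exceeds what the line can physically carry in 24 hours (which implies the account was also used from another line), departs sharply from the usual pattern, or occurs while the account holder was away. The record layout, thresholds and sample history are constructed for illustration; only the 4.5 GB day and the 50 KB/s measured throughput come from the comments above.

```python
"""Flag suspicious days in a DSL account's daily usage history (added example)."""
from dataclasses import dataclass
from datetime import date
from statistics import median

SECONDS_PER_DAY = 86_400


@dataclass(frozen=True)
class DayUsage:
    day: date
    upload_mb: float
    download_mb: float

    @property
    def total_mb(self) -> float:
        # Upload and download both count against the cap.
        return self.upload_mb + self.download_mb


def line_ceiling_mb(throughput_kbytes_per_s: float) -> float:
    """Most data a single line can move in 24 hours, in MB (1 MB = 1024 KB)."""
    return throughput_kbytes_per_s * SECONDS_PER_DAY / 1024


def flag_days(history, throughput_kbytes_per_s, away_days=frozenset(),
              spike_factor=5.0, idle_floor_mb=5.0):
    """Return {date: [reasons]} for days that call for a password change
    and a look at the router. spike_factor and idle_floor_mb are assumed
    thresholds; tune them to the account's own history."""
    ceiling = line_ceiling_mb(throughput_kbytes_per_s)
    findings = {}
    for rec in history:
        reasons = []
        # Baseline is the median of the *other* days, so a single huge
        # day cannot raise the bar it is measured against.
        others = [r.total_mb for r in history if r.day != rec.day]
        baseline = median(others) if others else 0.0
        if rec.total_mb > ceiling:
            # More than this line can carry: the login was used elsewhere too.
            reasons.append("exceeds-line-capacity")
        if baseline > 0 and rec.total_mb > spike_factor * baseline:
            reasons.append("departs-from-baseline")
        if rec.day in away_days and rec.total_mb > idle_floor_mb:
            reasons.append("usage-while-away")
        if reasons:
            findings[rec.day] = reasons
    return findings


# Constructed sample history (MB). The 8 June total is 4608 MB = 4.5 GB.
SAMPLE_HISTORY = [
    DayUsage(date(2007, 6, 5), 12.0, 140.0),
    DayUsage(date(2007, 6, 6), 9.5, 110.5),
    DayUsage(date(2007, 6, 7), 15.0, 185.0),
    DayUsage(date(2007, 6, 8), 308.0, 4300.0),
    DayUsage(date(2007, 6, 9), 20.0, 70.0),
    DayUsage(date(2007, 6, 10), 0.5, 1.5),
]
# Constructed: days the account holder says nobody was online.
SAMPLE_AWAY = frozenset({date(2007, 6, 9), date(2007, 6, 10)})

if __name__ == "__main__":
    # 50 KB/s is the measured throughput of the 512K line quoted above.
    for day, reasons in sorted(flag_days(SAMPLE_HISTORY, 50, SAMPLE_AWAY).items()):
        print(day.isoformat(), ", ".join(reasons))
```

A day flagged as exceeding line capacity is the strongest signal, because no amount of local traffic (updates, malware, a neighbour on the wireless) can push more through the line than it can carry.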

  11. Brian Says:
    August 3rd, 2007 at 07:21

    Hi. Had to do a full reset on Telkom’s router with wireless and RJ45 points. Now I come to set up the wireless network on my laptop and the router has put encryption on. Have got on to the router but am failing to see where the password/encryption settings are.
    What is the default password and where in the world do I turn it off whilst I set up?
    Getting frustrated.

  12. Richard Catto Says:
    August 3rd, 2007 at 11:21

    You need the WPA key. Turn your router over. It is printed on a label affixed to the underside of it.

  13. Parthy Says:
    August 7th, 2007 at 08:26

    I experience a similar problem of someone accessing my ADSL account and using up all my bandwidth. I have opened 2 cases of fraud and SAPS are trying to do an investigation.

  14. Richard Catto Says:
    August 7th, 2007 at 16:13

    I haven’t bothered to lay a charge. I believe that I will be wasting my time and that ultimately no-one will be prosecuted and my lost bandwidth will never be restored to me.

    Have you secured your router against account theft, Parthy?

  15. Firewall????? - Gnutella Forums Says:
    August 7th, 2007 at 21:25

    [...] not find anything on the port forwarding web site about your router but I did come across this: Telkom premium combo ADSL wireless router security hole | Cape Town news You may want to find out if there is a security patch available before you go any further. UK [...]

  16. Wilna Says:
    August 14th, 2007 at 20:48

    First of all, I just want to know whether I can ask a question in Afrikaans?

     

  17. Richard Catto Says:
    August 14th, 2007 at 23:00

    I don’t have a problem with that.

    Go ahead and ask. :)

  18. Daniel Says:
    August 26th, 2007 at 21:12

    Where and how do u check ur bandwidth online?

    Sorry I am new with this!

  19. Richard Catto Says:
    August 26th, 2007 at 21:40

    Go here:
    http://adsl.telkomsa.net/
    OR
    https://secure.telkomsa.net/
    Supply your Telkom ADSL username and password to log in.

    You can change your Telkom ADSL password here:
    https://online.telkomsa.net/pmt/index.html

    That page is accessible from http://www.telkomsa.net/

  20. dominic Says:
    September 16th, 2007 at 20:23

    http://mybroadband.co.za/vb/showthread.php?t=55533

    There is a unit in Cape Town specialising in cases of bandwidth theft (read the last 2/3 pages of the above thread to see how it works).

  21. dechlan Says:
    November 18th, 2007 at 20:56

    I too have a problem with Telkom. My problem even extends right to January, where Telkom took their time fixing my ADSL. I was not able to send anything, from emails to uploading pictures. This was finally fixed in August.

    Now I’m faced with the problem of being capped in the middle of the month and I’m not even home (my job entails me to travel).

    Telkom don’t even have a record of what is downloaded by the user and getting through to them is pathetic. It takes me from 40 min to an hour at most and even then I get cut off or transferred to another department.

  22. Richard Catto Says:
    November 18th, 2007 at 22:34

    Dechlan, you must secure your router to ensure that your account is not being used by another. If your account is used, your bandwidth is being stolen.

    To secure your router and your account, do the following:

    1. Change your router’s password.
    2. Change your ADSL account’s password.
    3. Enable your router’s firewall.

    Telkom has just rolled out a new usage tracker for their ADSL accounts. You can access it here:
    https://secure.telkomsa.net/titracker/

    If you like, you can post further details here and I will see if I can assist you further.

  23. Trish Says:
    January 12th, 2008 at 22:28

    Hi Richard,

    I am stunned and amazed at how prevalent this is. Thank you for your assistance and advice on this website.

    I am not very good with changing passwords, etc. and don’t know where to start. Where do I change the router’s password? Where do I turn the router’s firewall on? Where do I disable the remote access? I have changed my password on my account on the website you provided, but am unable to check my usage on my account as the page opens with errors, even after numerous attempts. Furthermore, there was reference made to a security gate – what is that????
    Sorry for all the questions, but I really don’t know how to do this and am doing my best to stay clear of being a victim of this horrible mess.

    Thank you kindly.

  24. iBurst versus Telkom DSL - why you should switch to iBurst | Cape Town news Says:
    February 9th, 2008 at 03:44

    [...] also previously been disadvantaged by Telkom who supplied me with a DSL router which contained a security hole and as a direct result of that, I suffered bandwidth theft. Telkom refused to restore the bandwidth [...]

  25. Precious Says:
    February 20th, 2008 at 13:34

    My department is intending on using an iBurst as a remote connection between small offices and head office; please advise on any security measures to address before acquiring the system.

    In case on information Systems, data confidentiality transmitted through electronically by email, etc

  26. Richard Catto Says:
    February 20th, 2008 at 19:58

    Precious » I would regard iBurst wireless transmissions as being compromised as far as security goes. If you wish to transmit information securely, you will need to employ data encryption.

    This is true for all types of transmissions via the Internet.

  27. J Mares Says:
    June 4th, 2008 at 11:50

    I open my contract with TELKOM last year October and I get TELKOM ROUTER “Mega 105 WR” and 1GYG including in price of ADSL line. To increase my GYG I am paying 1 GYG extra. I never had problem as I didn’t used not even 1GYG a month. Eventually this year from February I am every month close to 2 GYG, and I do much less on internet than I used to do before. I reported my problem to my provider TELKOM, but nothing up to now has been done.

  28. Richard Catto Says:
    June 4th, 2008 at 15:32

    @J Mares: You need to change your Telkom ISP account passwords and also ensure that your router’s password has been changed.

  29. Catha Says:
    July 9th, 2008 at 11:43

    One of my clients currently has a Premium Controll router from Telkom. The problem at the moment is not the security or the bandwidth usage, which is high though.

    The problem is that for one reason or the other we are having problems with replacing this router; once we install another one the network simply doesn’t work… It seems that this router just doesn’t want to be replaced. Have you ever come across a situation like this?

    Do you maybe have any suggestions?
    Thanks

  30. Richard Catto Says:
    July 9th, 2008 at 11:47

    @Catha: I don’t understand the situation you are attempting to describe. You are going to have to be a lot clearer about what you are trying to do.

  31. Catha Says:
    July 9th, 2008 at 13:06

    Hi there, to explain it in the simplest way would be: No other router is working on their network except this one. We tried others and none other works. Thanks

  32. Bongani Says:
    August 19th, 2008 at 11:54

    HI I have changed the Iburst now I am using the adsl telkom to send my email outgoing so what should I put in Vista

  33. Richard Catto Says:
    August 19th, 2008 at 16:09

    @Bongani: Ask your tech support.

  34. Andrew Says:
    August 26th, 2008 at 11:00

    Hi Richard
    I have a Telkom ADSL line with a 3 gig cap. All I want to know is: can I access a Telkom site where I can check my daily usage please?

    kind regards

    Andrew

  35. Richard Catto Says:
    August 26th, 2008 at 11:54

    @Andrew: Yes.

  36. Carol Says:
    September 18th, 2008 at 15:06

    Hi. Reading all these comments about bandwidth being stolen makes me extremely nervous. I applied yesterday for a Telkom ADSL wifi router and am supposed to go and fetch it this afternoon, but now I’m not so sure anymore… Is this problem mainly with Telkom? Or other ISP’s as well?

  37. Richard Catto Says:
    September 18th, 2008 at 20:23

    @Carol: The problem this post was originally about was a piece of hardware that Telkom supplied – the premium combo ADSL wireless router. Telkom may have fixed this problem now, but I don’t know because Telkom did not respond to my emails.

  38. Jaco Says:
    September 30th, 2008 at 11:48

    Hi. I just got a new D-Link ADSL Router as replacement for my Telkom POTS router that gave up the ghost. I installed the router and all seems to be fine except that P2P connections don’t seem to work as they used to on the POTS router. Any ideas as to what could be done to resolve this? Thanks

  39. Joe Says:
    October 18th, 2008 at 10:17

    Hi, Richard

    I would like to configure my router (Mega 105WR) for port forwarding. I tried looking on the net and couldn’t find anything. Could you give me some directions on how to do this?

  40. Marko Says:
    October 18th, 2008 at 22:41

    Phone Telkom :P
    But seriously Joe, if you are unable to configure it yourself then you shouldn’t be thinking of doing it in the first place.

  41. Jax Says:
    December 18th, 2008 at 23:02

    Best is to set the router into “bridge mode”, then you can lose cap unnecessary. Easy to set up on Meg 100WR. Let me know who is interested

  42. Jax Says:
    December 18th, 2008 at 23:03

    ++ sorry, ignore previous message +++
    Best is to set the router into “bridge mode”, then you cannot lose cap unnecessary. Easy to set up on Mega 100WR router, let me know who is interested

  43. harry chapman Says:
    January 12th, 2009 at 11:16

    My ADSL account is being accessed when I am not on the internet. Listed below are examples of this.
    1. 02/01/09 upload 23.375 d/load 66.7503
    2. 06/01/09 upload 56.0812 d/load 70.779
    3. 09/01/09 upload 93.6508 d/load 107.5704
    This is almost half of the 1gb allowed monthly.

    Can you please investigate this matter and advise me as to what is causing this and how I can avoid this problem from occurring in the future.

    please advise me as soon as possible as this is costing me a lot of valuable internet time.

    regards harry chapman

  44. Richard Catto Says:
    January 12th, 2009 at 11:30

    @Harry Chapman: You have to ask TelkomSA to investigate this for you. Best way to prevent this is to secure your router.

  45. Popeye Says:
    March 2nd, 2009 at 20:33

    Help! What is the difference between the Telkom online account and the Telkom email account? I can log onto the Telkom web pages with the online account but not with the email account. Also the email account doesn’t work anymore in Outlook Express. What is the difference between these two accounts?

  46. Pete Says:
    March 5th, 2009 at 14:10

    I have hacked a few routers now. The easiest way to do it is to hack wirelessly and then log into the router and obtain the usernames and passwords. I do this simply to help people. Not to steal bandwidth. It usually takes me about 30 seconds up to 2 minutes to crack a modem…….. In 95% of the cases the default user and password was not changed. People…. you can’t complain if you do nothing about securing your PCs!!!!! Come on!!!

  47. Richard Catto Says:
    March 5th, 2009 at 14:14

    @Pete: I bloody well can complain if someone takes something they are not rightfully entitled to! It’s called stealing. If I leave the front door of my house open and you go in and remove my property without authorisation, you go to jail.

    It makes no difference whether my router is secured or unsecured. Using someone else’s bandwidth is THEFT.

  48. Teresa Schultz Says:
    April 17th, 2009 at 06:43

    This happened to me too! On the 1st of April this year just over 1 gig of bandwidth on my account was used. NOT BY ME! It sucks. I’m disgusted. Yes, okay, so a solution is to learn how to secure it, but why should that be the only option? It’s sad that people are paying for a service not delivered properly, and having it stolen. Plus they are of very little help with enquiries.

  49. Marko Says:
    April 17th, 2009 at 18:33

    @Teresa, the problem is that it is very difficult to prove that it was not used by you.

    In many cases the bandwidth *is* actually being consumed by the person’s PC, completely unbeknownst to them, eg. Windows XP trying repeatedly to download from windowsupdate.com or a virus/trojan infection trying to replicate itself continuously.

    I know this happens because I deal with these situations daily.

    If you have a Windows PC, do install a good anti virus product, do turn on the Windows firewall and do configure Automatic Updates to inform you and ask you when it wants to download something.
    Do also read your router’s documentation and turn off remote administration, change the admin password and secure the wireless access point (if present).

    If you don’t know what I’m talking about or don’t care to try, do consider paying someone to do this for you, eg. Dial a Nerd.

    If you need a good, free Anti Virus solution, consider Clam Win

  50. Marko Says:
    April 17th, 2009 at 18:37

    One more piece of advice ;)

    Turn off your router, access point and computer(s) when not in use.

  51. Richard Catto Says:
    April 17th, 2009 at 21:08

    @Marko: Telkom can tell which line was used to access bandwidth. When you complain, they tell you to open a charge with the SAPS.

  52. Jean Says:
    June 2nd, 2009 at 16:39

    Hey there, you guys can’t blame Telkom if you don’t have a firewall or some sort of security on your side. I use my router firewall and OS firewall. Build a bridge and enable your firewalls please.

  53. Richard Catto Says:
    June 2nd, 2009 at 16:49

    @Jean: Sure, we can. The article describes a security hole. iow, even with options set to deny remote administration, it is still possible via another port. That is a bug and the user cannot be held responsible for that.

  54. Chester Says:
    August 12th, 2009 at 13:05

    Hi all
    This is a big problem: 70% of people leave their router’s password admin and user admin.
    Guys, do the following: type in 10.0.0.2 on your internet browser and you will be able to view your router. Change your password to letters and numbers. This is all I can say of this. I think this is sick that people take other people’s hard earned money.

  55. kamercam Says:
    October 3rd, 2009 at 08:29

    Good morning all. Just a little warning to you guys. If you do have a private IT guy, always watch what he is doing on your PC. There is a hack/way to find your account details off of the router. The first way, A), is by making a backup of your settings; the account and router information can be found in the backup file that you have created. The second way, B), is by viewing the source of the page where your account details are set up.

    On wireless security, try to stay away from WEP. It is possible to crack the WEP encryption within 10 mins. WPA can also be cracked, although a bit more difficult, but is. Also, when you have only allowed certain MAC addresses, a MAC address can be spoofed, which means that the hard-coded key on the hardware can be changed via certain software available.

    Another thing: always default your router to factory settings should you return it to Telkom or any other supporting company. There are many routers that have worm holes, not just Telkom ones.

    I haven’t done this yet, but a lot of routers have java script running for the log in page. Java injectors are used to attack the router. And with the right injection the page becomes vulnerable.

    take care and play safe.

    chris
