Contributors   |   Messages   |   Polls   |   Resources   |   Register for newsletter
Comments
Newest First | Oldest First | Threaded View
Alison Diana
Alison Diana
5/9/2018 4:08:46 PM
User Rank
Author
Re: UPDATE - FIX DEVELOPED
They were not the router manufacturer, which I gather was an OEM in Asia, but rather the security firm that located the vulnerability. The same firm that found the problem created a fix, something they did not have to do. I know they get attention when they do this which, in turn, can create corporate customers -- and certainly a lot of goodwill -- but it's a longshot way of doing it and I always imagine it's driven because they enjoy the challenge of fixing what somebody else "broke," so to speak, as coders.

50%
50%
afwriter
afwriter
5/9/2018 1:09:42 PM
User Rank
Gigamaster
Re: UPDATE - FIX DEVELOPED
It would have been better if the attack never happened and I know that this is a little PR, but at least the company was proactive about it and found a solution. 

50%
50%
Alison Diana
Alison Diana
5/9/2018 9:16:15 AM
User Rank
Author
UPDATE - FIX DEVELOPED
The company that found the vulnerability contacted me on Tuesday to say they worked all weekend to fix the flaw. Here's part of the email they sent:

 

"Since users are under attack, our research team worked throughout the entire weekend to try and create a patch for the routers. I'm proud to say they did it.

It is critical that users know about the patch and can use it to fix their routers. We created a tool that allows them to do this, even if they don't have a technical background.

https://www.vpnmentor.com/tools/gpon-router-antidote-patch/

Sarit"

50%
50%
DonBrowne
DonBrowne
5/9/2018 6:53:13 AM
User Rank
Gigamaster
Re: So many infected routers...
It's amazing and thought provoking to realize that it's estimated that "at least 1 million high-speed GPON routers are impacted," and whether Google and others may have a solution to circumventing the possbile problems with full fiber router vulnerabilities.

50%
50%
afwriter
afwriter
5/8/2018 1:30:44 PM
User Rank
Gigamaster
Re: So many infected routers...
I wonder if the vendors are afraid to do that because it would tie up too many resources, at least up front. Anecdotally, I have shown my mother-in-law how to use her ROKU a million times, and she still can't figure it out, I can't imagine having to explain to her how to change her router password. Still, I guess the headache would be worth it to prevent vulnerabilities. 

50%
50%
mhhf1ve
mhhf1ve
5/7/2018 5:20:11 PM
User Rank
Gigamaster
Re: So many infected routers...
I wonder how many manufacturers will take up Google on its ThingsOS platform -- where Google says it will handle all the security updates for the next three years.

50%
50%
Alison Diana
Alison Diana
5/7/2018 4:17:09 PM
User Rank
Author
Re: So many infected routers...
The simplest step router vendors - and all vendors of connected devices - could take would be to do away with the built-in, preset password. Once a device is installed, that preset password should expire after X number of uses, forcing a user or administrator to change the default to a (hopefully) more secure and private password. 

50%
50%
michelle
michelle
5/3/2018 11:18:50 PM
User Rank
Gigamaster
Re: So many infected routers...
I think about this a lot myself. I pay attention to alerts to upgrade firmware in my home router. I wonder how many people have no idea they need to do anything with the router after it's set up.

50%
50%
mhhf1ve
mhhf1ve
5/3/2018 10:28:01 PM
User Rank
Gigamaster
So many infected routers...
It's not just GPON routers. There are so many insecure router out there that it's scary to think what could happen.

50%
50%
Duh!
Duh!
5/3/2018 5:16:21 PM
User Rank
Author
Chicken Little says the sky is falling down
The vulnerability is not a GPON vulnerability, nor is it present in all GPON home gateway/routers. It apparently affects a vendor to Telmex, JSC in Kazakhstan and FPT in Vietnam. Other sources have named the vendor, but this is unverified.

The testing results on "random" GPON routers is puzzling.  I understand that the base software in a lot of the small vendors' ONTs is purchased from one developer. A defect in this webconfig server could affect all of these vendors.

 

50%
50%


Latest Articles
On Jan. 23, Broadband World News hosts a Calix-sponsored webinar that explores several ways CSPs can enhance customer experience and find new business opportunities to avoid devolving into a speed race where nobody wins, not even the customer.
Prysmian is working for a government-owned Mexican company to connect remote regions of the country with high-speed broadband.
The lack of an accurate broadband map means states and counties are tackling this issue themselves and sometimes finding big disparities in the data before spending their residents' money on deploying infrastructure.
Next year many operators must decide whether to invest more in HFC or go all-in to fiber, pick their PON and choose their managed-WiFi path, writes analyst Dan Grossman, who also recommends providers bundle managed WiFi and analytics to best serve residential subscribers -- and operators' own businesses.
Public-private partnerships, investor interest, self-help in rural areas and incumbents' return set the scene for a busy year of broadband deployment in the US countryside in 2020, writes Analyst Dan Grossman.
Sponsored Video
Ronan Kelly, ADTRAN CTO, EMEA & APAC, shares his thoughts on the regulatory and government policy, technology adoption and consumer services ...
Ronan Kelly, ADTRAN CTO, EMEA & APC, shares his thoughts on industry operators leveraging virtualization, disaggregation and open SDN control, ...
Network slicing promises to be a panacea, but the biggest hurdles are not technological. The grand ambition of enabling intelligent, adaptive, ...
F-Secure has been providing security for endpoints for 30 years, and using AI and machine learning algorithms, for example in the labs to automate ...
Fahri Diner, CEO and Co-founder of Plume, unveiled a new open source initiative, OpenSync, at Broadband World Forum 2018. Announced together with ...
All Videos
Information Resources
All resources
Video
At the recent Broadband World Forum, Alzbeta Fellenbaum, a principal analyst and manager of research at IHS Markit, discusses the broadband speed ...
At the Broadband World Forum in Amsterdam, Michael Philpott, senior practice leader of Ovum's Consumer Services team, outlines the key ...
At the recent Broadband World Forum 2019 event, Lincoln Lavoie from the University of New Hampshire Interoperability Lab (UNH-IOL) gives an update ...
At the Broadband World Forum 2019 in Amsterdam, Light Reading's Iain Morris and Ray Le Maistre discuss some of the industry's hot developments, ...
Alternative UK fixed-broadband network operator Community Fibre is deploying ADTRAN gear to take 10 Gbit/s to London users at aggressive prices.
All Videos
Webinars
Thursday, January 23, 2020
12:00 p.m. New York / 5:00 p.m. London

It wasn't long ago that TV was ranked by subscribers as the most important service in the bundle provided by their communications service provider (CSP). Recent research indicates that for nearly three quarters of subscribers, broadband is now the most important service. Broadcast TV is the most important service to only 15% of North American consumers, replaced by OTT video streaming platforms like Netflix, Amazon Prime and Disney+. In addition, many different competitors are moving aggressively to stake a claim in consumers' homes.

In 2020, CSPs need to fight back by transforming their business models, which are becoming more reliant on a single source of revenue: fixed broadband services.

This webinar will focus on helping CSPs transform their business models by placing a firm focus on delivering a sensational subscriber experience and by offering compelling new services that generate value for subscribers. These actions will reinforce the CSP's strategic position in the home network and position themselves for growth in the next decade.

Key topics include:

  • Being the first to market with WiFi 6 technology, in response to consumer purchases of new devices over the holidays;
  • Having the insights needed to proactively resolve issues, often before your subscribers even know that there are issues;
  • Providing help desk agents with the visibility they need to resolve common subscriber issues more quickly;
  • Delivering a mobile app, in response to consumer demands for the ability to do some things themselves, rather than having to call technical support; and
  • Addressing consumer concerns around device security, privacy and control with enhanced security and parental controls.

Broadband World Forum Perspectives
As the Senior Digital Experience Strategist at Canadian operator Rogers Communications, Lindsey Omelon build on her years of marketing experience to approach her strategy with a hybrid ...
There's certainly no shortage of hype around the use of AI in the telecoms sector, but fewer instances of real-world deployments. South Korean national operator KT is one of those ...
Do a Google search of 'artificial intelligence broadband' and you'll get more than 9 million results in less than a second: The sheer volume of content out there shouldn't surprise anyone ...
Comcast, like any other major communications service provider, is undergoing significant changes in the way it grows its business, how it runs its business and the technologies it uses to ...
Five years ago, NOS board member Manuel Ramalho Eanes banked big on smart homes and smart cities.
All Broadband World Forum Perspectives
Flash Poll
Radio Shows
In this insightful Light Reading radio show, Kurt Raaflaub, Head of Strategic Solutions Marketing, will outline the key service provider challenges, deployment considerations, next-gen Gigabit technologies, and service models to win market share in the rapidly growing MDU market.
Broadband World News
About Us     Advertise With Us     Contact Us     Help     Register     Twitter     Facebook     RSS
Copyright © 2020 Light Reading, part of Informa Tech,
a division of Informa PLC. Privacy Policy | Cookie Policy | Terms of Use
in partnership with