UniFi users open to hacker attacks

PETALING JAYA: Subscribers to Telekom Malaysia Bhd’s high-speed broadband service UniFi are vulnerable to exploitation due to a router setting that leaves it open to outside attack.

A hacker could take control of the router remotely and could, for instance, surf using the owner’s account, open ports that could leave the computer vulnerable to further attacks and spy on the user’s Internet activities.

“rizvanrp,” who posts on the LowYat Forum (bit.ly/bm6Eqe) discovered the vulnerability and went public with it on May 29. His discovery was also posted on Twitter.

According to him, the vulnerability is due to TM leaving each router’s remote management capability switched on, thus making it possible for others to remotely access the router using a username and password that is now easily found on the Internet.

A check by In.Tech at a UniFi user’s home in Damansara Jaya confirmed that the vulnerability exists and that the username and password are indeed available on the Web.

With these we were able to gain full access to the router from within the local network. We did not, however, try to access the router from outside the local network.

Having said that, to be able to access the router from outside the local network, the hacker would need to know the device’s WAN IP (wide area network Internet protocol) address.

Or the hacker could gain access via the user’s WiFi network by discovering the network password.

According to networking experts, while this is possible, it is quite unlikely that a hacker would be successful.

In his post, rizvanrp said that disabling the router’s remote management function would stop anyone from outside the local network from accessing the router settings.

TM said it is aware of the situation and is preparing an official response.

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3
Join our Telegram channel to get our Evening Alerts and breaking news highlights

Next In Tech News

Parents in China laud rule limiting video game time for kids
Deliveroo France to face court over 'undeclared labour'
Texas startups mount fight against abortion ban-without big tech
Facial recognition can be used to track disease in cows
WhatsApp multi-device features: Linking brings advantages, but users will face issues
Robinhood testing crypto wallet, cryptocurrency transfer features- Bloomberg News
Cryptocurrencies post 5th straight week of inflows -CoinShares
Exclusive-Netflix offers free plan in Kenya to entice new subscribers
U.S. securities regulator probes Activision over employment matters
States rally around proposed U.S. laws to rein in Big Tech

Stories You'll Enjoy