In the course of using my internet connection I discovered that my home internet connection was very insecure because my ISP had not bothered to secure it. What follows is a very technical article. If you are a layman or not interested in the technical aspects just read the layman section below and skip to the last section.
Recently I was using my home WiMax internet connection and made a very disturbing discovery. While on previous occasions my ISP had always put me behind its firewall, given me a non-routable IP address and connected me to the internet using its own servers, which I shared with others, it seemed that for some reason the team there had changed tack and decided to give me public IP addresses and a direct connection to the internet instead.
That was pleasing news for the most part. It meant I could now comfortably enjoy making secure shell connections to my servers without worrying about the connection constantly dropping among other things.
It also meant I could easily reach my home computers whilst on the go and to that end I created a nifty little script that automatically updated my Cloudflare DNS records so I could access my computers at home using an easy URL in the format such as decoder.garikai.net instead of the hard-to-remember IP addresses such as 220.127.116.11 which are always changing anyway.
The incident (technical mumbo jumbo ahead)
I was floating in a cloud and thought nothing could bring me down. That’s when it happened.
You see, my home connection is always hopping from the best Base Station (Booster) to a less ideal one once every six days or so. It’s not a big deal either because all I need to do is log in to the router, disconnect and reconnect the connection and I am all set.
During the process of trying to reset my connection I made the mistake of entering my URL instead of the local IP address of the router. I was presented with a somewhat unfamiliar logon screen, but since it said “Green Packet” (the name of the company that made my modem) on the corner I assumed this was only due to the router having updated its firmware, since my ISP has it set on auto update.
It was only after I was able to log on that I discovered an unfamiliar base station ID in addition to the really unfamiliar admin area. This device also seemed to be WiFi capable when mine is not. Shocked, I quickly logged off and tried to log on using the local RFC 1918 IP address instead, and sure enough it turned out that I had accidentally logged into someone else’s internet connection.
What this all means is that I inadvertently “hacked” into someone’s modem because it was set up in an insecure way and had a password similar to mine because both mine and this modem had the same default passwords and were exposed to the internet.
What had just happened (The Geeky terms).
I had accidentally set a very high TTL value for my home DNS record. This meant that every time my home IP changed and was updated using the DNS update script, which I had put in both the ifup and ifdown folders on my Ubuntu machine, it would take a while to propagate across the internet.
So when I used my domain to try and access the CPE interface I was actually logging on using an expired IP address which had already been allocated to someone else in that short space of time.
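The stale-record window described above, as an added example that is not part of the original post: a toy caching resolver shows how a long TTL keeps handing out the old address after the lease changes, and a guard refuses to send router credentials unless the resolved address is an RFC 1918 address or the connection's own current WAN address. The hostname, the addresses (documentation ranges) and all function names are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges: addresses that are only reachable on the local network.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


class CachingResolver:
    """Toy resolver cache: keeps an answer until its TTL runs out."""

    def __init__(self, authoritative):
        self.authoritative = authoritative   # name -> (ip, ttl_seconds)
        self.cache = {}                      # name -> (ip, expires_at)

    def resolve(self, name, now):
        hit = self.cache.get(name)
        if hit and now < hit[1]:
            return hit[0]                    # cached, possibly stale, answer
        ip, ttl = self.authoritative[name]
        self.cache[name] = (ip, now + ttl)
        return ip


def safe_to_log_in(resolved_ip, current_wan_ip):
    """Allow credentials only to a local address or our own current WAN IP."""
    addr = ipaddress.ip_address(resolved_ip)
    if any(addr in net for net in RFC1918):
        return True
    return addr == ipaddress.ip_address(current_wan_ip)


def stale_window(ttl, cached_at, ip_changed_at):
    """Seconds during which a cached answer still names the old address."""
    return max(0, cached_at + ttl - ip_changed_at)


def simulate(ttl):
    """Return (address seen 10 minutes after a lease change, guard verdict)."""
    # Constructed sample values: hypothetical hostname, documentation-range IPs.
    name, old_ip, new_ip = "home.example.net", "203.0.113.10", "198.51.100.77"
    zone = {name: (old_ip, ttl)}
    resolver = CachingResolver(zone)
    resolver.resolve(name, now=0)            # t=0: answer cached
    zone[name] = (new_ip, ttl)               # t=300: lease changes, DNS updated
    seen = resolver.resolve(name, now=900)   # t=900: user types the hostname
    return seen, safe_to_log_in(seen, current_wan_ip=new_ip)
```

With a one-day TTL the name still resolves to the old address, which may already belong to another customer, and the guard blocks the login; with a two-minute TTL the cache has expired and the new address is returned.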
I decided to investigate this deliberately and made an even more shocking discovery. It seems I could pretty much view any of my fellow ISP’s customers’ CPE interfaces.
Given how most people tend to erroneously believe that their ISPs have done all that is required to protect them, I had no doubt that all these customers had never even bothered to change the default username and passwords, which I had just discovered were the same for every device due to my previous error. With the Facebook row still fresh in my mind I resisted the urge to log on to these CPEs as this might be considered unethical.
My ISP has not adequately secured the modems (CPEs) that they give to people which means they are vulnerable and can easily be hacked into even by someone as hopeless at using computers as myself. Most devices use the same default password that is almost universal to most routers and modems.
The ISP episode
Enraged, I decided to call my ISP’s customer support only to spend a whole hour without making much progress. How an estimated wait time of 6 minutes can turn into an estimated wait time of 17 minutes while one is on hold the whole time is beyond me.
I wasn’t about to waste precious minutes of my time trying to do what was clearly impossible, so I have settled for the next best thing: warning you, the customer, and telling you that you might not be as safe as you think.
Two essential things you should do but your ISP might not tell you.
You need to install a firewall on all your computers so that you can control and monitor the traffic that comes in and out of your machine. Most people’s computers and internet connections are being used as part of botnets without them being the wiser.
- On Windows: Windows comes with a built-in firewall but I prefer Avast’s firewall myself. You should always remember that in the Windows world the best things are usually the ones you paid for, something AVG free people learnt the hard way.
- On Ubuntu et al you can always use ufw (uncomplicated firewall). If you are one of those people who is irrationally afraid of the command line you should make use of the many available GUIs for this utility.
- On Android you can use Mobiwol’s firewall. It does not require you to root your device and works by craftily creating a VPN connection through which you can filter your traffic. It is also a good way to save on your data costs and solves the mystery of disappearing airtime.
I feel like I need to say it again: You need a firewall to protect yourself from the bad world out there.
The second thing that you need to do is to change the default passwords on all your devices. Only an imbecile would use a joe for a password in this day and age. This is when the username and password are the same, and yet it would appear that is exactly what my ISP does. Utterly shocking I know, but still true.
While most devices come with safeguards that prevent this from happening, it seems Green Packet and my ISP are yet to get the memo. Change the password to something you can remember but that is sufficiently complex to thwart and fend off all non-nonchalant attempts to break in.
Upgrade your device’s firmware on a regular basis. This applies to your WiFi router and CPE. Make sure to speak to your ISP about the latter. There should be no reason why anyone would put off updating to the latest firmware, although firmware updates might sometimes bring compatibility issues.
If, for some reason, your ISP does not want you to update your firmware or as in my case they set up an auto update that clearly does not work, make sure to scream at them and call them names until they repent and mend their ways.
We live in a perilous world as far as internet security is concerned. With more and more people using online services security can only become more important. Coupled with the fact that broadband is becoming commonplace the basic steps outlined above cover the bare essential steps that you need to take to make your connection acceptably safe.
Trusting your ISP to do this on your behalf is clearly moronic as most of them cannot be bothered.