Does Your ISP-Provided Firewall Contain a Hidden Backdoor?

One thing we always advise our clients to do is to procure their own firewall. In fact, we've written an entire blog post about different types of firewalls. Our reasoning is that your internet provider doesn't always take the security precautions it should on its devices, such as changing default passwords. Also, ISPs have been known to change settings on the devices they supply without telling you, which can mess up your network.

Arris, a popular manufacturer of modems for ISPs, was in the news in 2015 for some significant security issues. Back then they were hammered for backdoors in their line of cable modems. These backdoors would allow people into the modem to do things like … change your DNS settings. This may not sound like a big deal, but by changing your DNS settings, they can control where you actually go when you type in a website such as google.com. So instead of going to google.com, you actually end up at some really bad site they control that downloads malware to your computer. This flaw dated back to 2009; Arris just never fixed it.
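A quick way to notice a changed DNS setting from a computer on the network is to audit the resolvers it has been handed. The script below is an added example, not something from the Arris research: it reads `resolv.conf`-style text and labels each resolver against a list you expect. The `EXPECTED` addresses and the `SAMPLE` text are constructed placeholders.

```python
import ipaddress

# Assumption: resolvers this network should use (constructed doc-range values).
EXPECTED = {"192.0.2.53", "2001:db8::53"}

# Ranges that mean "the client is pointed at a local box such as the modem".
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

# Constructed sample of /etc/resolv.conf content, not taken from a real host.
SAMPLE = """\
nameserver 192.0.2.53
nameserver 192.168.1.254   # the modem/router itself
nameserver 203.0.113.66
nameserver fe80::1%eth0
options edns0
"""

def parse_nameservers(text):
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1].split("%", 1)[0])  # drop IPv6 zone id
    return servers

def audit(text, expected=EXPECTED):
    """Label each configured resolver: expected, local-forwarder, unexpected, invalid."""
    allowed = {ipaddress.ip_address(e) for e in expected}
    findings = []
    for addr in parse_nameservers(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((addr, "invalid"))
            continue
        if ip in allowed:
            label = "expected"
        elif any(ip in net for net in LOCAL_NETS):
            label = "local-forwarder"
        else:
            label = "unexpected"
        findings.append((addr, label))
    return findings

if __name__ == "__main__":
    for addr, label in audit(SAMPLE):
        print(f"{addr:16} {label}")
```

A `local-forwarder` result means the computer asks the modem or router for DNS, so the upstream servers are set on that device and have to be checked in its own admin page.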

So last month, researchers found three different hard-coded backdoors in two Arris modem/wireless devices that service DSL customers. Models NVG589 and NVG599 are the ones affected. If you have internet service from AT&T, or another phone company, it is quite possible you have one of these models. The issues they have would allow a remote user to access the device and do what they want. Since these are wireless models, and not just modems, that means the backdoor gives an intruder direct access to your network.

Now, we aren't saying that every firewall you buy is going to be flaw-free, because that isn't true. There was a case where Belkin put out some pretty bad products in the past couple of years, so it is more of a case of knowing what you're getting. We recommend sticking to long-time players in the industry when in doubt (once again, check out the previous blog post for more details).

What to Do If You Have an Affected Device

Here are steps you can take to mitigate the issues, but they aren't for the faint of heart, as they are complex and technical. Instead, we suggest first getting your own firewall and setting it up. Then contact AT&T (or whomever) about getting their device replaced with a secure one.

If you need assistance with your cyber-security or firewall, contact us and we’ll be happy to provide what assistance we can.
