Luddites and Technology, an update (yup, still hate it)
Hi all,
This one was supposed to be fairly quick, but it got loooong. It's primarily for those of us who use wireless internet at home (most of us these days, I think). I got a nasty surprise these past few months. I started getting emails through the notice and notice system regarding copyright infringement for a bunch of content I've never liked or even wanted. Content I certainly did not download. Needless to say, I didn't know much about network security, so after reading up on it, I
assumed it was an IP spoof or something and reset my modem to get a new IP address. Only that didn't help. More, while I was looking at the notices, I began to see a pattern. The same port was being used each time, which made me suspicious that it was the same user. If it was an IP spoof, that wouldn't be happening (since apparently they don't receive data).
So I looked at the modem's connected devices list and found a whole lot of unauthorized computer names and devices. This really freaked me out, because my password's decent (ie. as most of us know, it should be a mix of capitals, symbols and characters, and not whole words). Naturally I changed it and again reset my IP address. No dice. Still had unauthorized connections popping up and still getting nasty emails.
So I did a little more digging. Here's the nasty surprise. Apparently Bell modems have/had a critical vulnerability in their WPS (Wi-Fi Protected Setup) for awhile. WPS, for the uninitiated, is supposed to be an easy way to connect devices with the press of a button on the front of your modem. Problem is, it's not very secure even when used properly. Now, Bell has been patching this vulnerability for about two months now, but updates are ongoing and if you've been compromised, that will remain the case until you either fix the issue, disable your Wi-Fi or get a new wireless modem.
Here's a rundown of the vulnerability (in very brief form). There are better explanations out there. Basically, if you have the right tools, you can enter a default PIN code to get access to any protected wireless internet connection running on an unpatched Bell modem. Apparently WPS has been a security issue for a long time. However, the problem with the Bell modems is that even if you turn off WPS in your modem's settings, it will still kick back a key and/or your password for anyone who's asking.
I have no idea exactly how long this has been an issue, but my guess is ever since certain modem models started shipping several years ago. So, long story short, if you've got a Home Hub 1000 or 2000, make sure you update it as soon as possible by turning it off, waiting for a minute or so and then turning it back on. Make sure you check with Bell to ensure your modem has updated, or use network security tools to test to ensure it's no longer vulnerable. I personally think turning off WPS is a great idea, unless you absolutely have to use it. Going further - most online security forums/sites recommend setting the telecom modem to bridge mode (ie. no Wi-Fi) and using your own wireless modem because they can be much more secure. But that will cost you, sometimes hundreds of dollars. Still, it's definitely something to look into, as are various network monitoring software solutions for logging traffic. Just Google it. There are tons of options, although they aren't the easiest to use.
This is one of the aspects of technology that I hate. How no matter what you're using, there's a vulnerability that goes along with it. And when that happens, most companies don't openly acknowledge the problem until either it blows up in their faces or goes viral (or both). Until then, users are left to fend for themselves.
There is very little information about this particular issue out there. None of it has been provided by Bell. Not officially anyway - their tech support people are well aware of the issue, but don't mention it unless you specifically talk about WPS. There is no documentation anywhere listing steps to take to fix it. Call center staff are also (predictably) unable to provide details as to why they have not warned their customers via email or on their site that their infrastructure is (or was) compromised. The reason I say 'their' is because most of us are leasing our modems from Bell. Which means they own the modems and are therefore responsible for the security features on them.
Asking for a supervisor or someone higher up to talk to about the official stance on customer privacy, notifying customers about network vulnerabilities, the notice and notice copyright system and whether they have notified any of the rights holders who are sending out these notices that they very well could be harassing the wrong people got me hit with a brick wall. No call backs, no responses and no one available to provide clarification. A predictable response from a large corporation with stock on the open market. Any whiff of a problem might reduce the value of their company and irritate their stockholders. Or worse. As I understand it, if you don't take enough steps to secure your network, you could be found liable for activities that took place on it. I'm not sure how that would apply in a situation where a telecom itself is responsible for critical network vulnerabilities that can't be fixed by an end user, unless that end user happens to be a network security expert.
The point of all of this is pretty simple: I had to figure all of this out on my own. That's why I sometimes definitely hate technology. I pay for services because I don't want the headaches that go along with being an expert in every field out there. I am an expert in a few fields already - I don't have time or energy to spare most of the time to look at all this other crap. So as much as connectivity is great, there are plenty of people out there who are perfectly happy to exploit that connectivity for their own personal enjoyment/gain. A fact that applies to a lot more than just technology.
Which is why I now have to spend my precious energy and time paying attention to the random vehicles that park along the street around my home and check my connections daily to ensure no one's slipping through. Because I did think it was odd when a white pickup truck with a middle aged man inside was just hanging out at night with his laptop. Not illegal, but definitely odd. Now, however, I suspect it was, in fact illegal. I also suspect that was as close as I'll ever get to at least one of the dirtbags who compromised my network, stressed me out and sent me down a path of frustration and anger while I tried to this all fixed.
Now, while I believe I have plugged the hole so to speak, I did say earlier that everything comes with a vulnerability. How long until something similar happens again? And if it does, what will be the telecom's response? More of the same, I suspect.
Anyway, thanks for reading!
This one was supposed to be fairly quick, but it got loooong. It's primarily for those of us who use wireless internet at home (most of us these days, I think). I got a nasty surprise these past few months. I started getting emails through the notice and notice system regarding copyright infringement for a bunch of content I've never liked or even wanted. Content I certainly did not download. Needless to say, I didn't know much about network security, so after reading up on it, I
assumed it was an IP spoof or something and reset my modem to get a new IP address. Only that didn't help. More, while I was looking at the notices, I began to see a pattern. The same port was being used each time, which made me suspicious that it was the same user. If it was an IP spoof, that wouldn't be happening (since apparently they don't receive data).
So I looked at the modem's connected devices list and found a whole lot of unauthorized computer names and devices. This really freaked me out, because my password's decent (ie. as most of us know, it should be a mix of capitals, symbols and characters, and not whole words). Naturally I changed it and again reset my IP address. No dice. Still had unauthorized connections popping up and still getting nasty emails.
So I did a little more digging. Here's the nasty surprise. Apparently Bell modems have/had a critical vulnerability in their WPS (Wi-Fi Protected Setup) for awhile. WPS, for the uninitiated, is supposed to be an easy way to connect devices with the press of a button on the front of your modem. Problem is, it's not very secure even when used properly. Now, Bell has been patching this vulnerability for about two months now, but updates are ongoing and if you've been compromised, that will remain the case until you either fix the issue, disable your Wi-Fi or get a new wireless modem.
Here's a rundown of the vulnerability (in very brief form). There are better explanations out there. Basically, if you have the right tools, you can enter a default PIN code to get access to any protected wireless internet connection running on an unpatched Bell modem. Apparently WPS has been a security issue for a long time. However, the problem with the Bell modems is that even if you turn off WPS in your modem's settings, it will still kick back a key and/or your password for anyone who's asking.
I have no idea exactly how long this has been an issue, but my guess is ever since certain modem models started shipping several years ago. So, long story short, if you've got a Home Hub 1000 or 2000, make sure you update it as soon as possible by turning it off, waiting for a minute or so and then turning it back on. Make sure you check with Bell to ensure your modem has updated, or use network security tools to test to ensure it's no longer vulnerable. I personally think turning off WPS is a great idea, unless you absolutely have to use it. Going further - most online security forums/sites recommend setting the telecom modem to bridge mode (ie. no Wi-Fi) and using your own wireless modem because they can be much more secure. But that will cost you, sometimes hundreds of dollars. Still, it's definitely something to look into, as are various network monitoring software solutions for logging traffic. Just Google it. There are tons of options, although they aren't the easiest to use.
This is one of the aspects of technology that I hate. How no matter what you're using, there's a vulnerability that goes along with it. And when that happens, most companies don't openly acknowledge the problem until either it blows up in their faces or goes viral (or both). Until then, users are left to fend for themselves.
There is very little information about this particular issue out there. None of it has been provided by Bell. Not officially anyway - their tech support people are well aware of the issue, but don't mention it unless you specifically talk about WPS. There is no documentation anywhere listing steps to take to fix it. Call center staff are also (predictably) unable to provide details as to why they have not warned their customers via email or on their site that their infrastructure is (or was) compromised. The reason I say 'their' is because most of us are leasing our modems from Bell. Which means they own the modems and are therefore responsible for the security features on them.
Asking for a supervisor or someone higher up to talk to about the official stance on customer privacy, notifying customers about network vulnerabilities, the notice and notice copyright system and whether they have notified any of the rights holders who are sending out these notices that they very well could be harassing the wrong people got me hit with a brick wall. No call backs, no responses and no one available to provide clarification. A predictable response from a large corporation with stock on the open market. Any whiff of a problem might reduce the value of their company and irritate their stockholders. Or worse. As I understand it, if you don't take enough steps to secure your network, you could be found liable for activities that took place on it. I'm not sure how that would apply in a situation where a telecom itself is responsible for critical network vulnerabilities that can't be fixed by an end user, unless that end user happens to be a network security expert.
The point of all of this is pretty simple: I had to figure all of this out on my own. That's why I sometimes definitely hate technology. I pay for services because I don't want the headaches that go along with being an expert in every field out there. I am an expert in a few fields already - I don't have time or energy to spare most of the time to look at all this other crap. So as much as connectivity is great, there are plenty of people out there who are perfectly happy to exploit that connectivity for their own personal enjoyment/gain. A fact that applies to a lot more than just technology.
Which is why I now have to spend my precious energy and time paying attention to the random vehicles that park along the street around my home and check my connections daily to ensure no one's slipping through. Because I did think it was odd when a white pickup truck with a middle aged man inside was just hanging out at night with his laptop. Not illegal, but definitely odd. Now, however, I suspect it was, in fact illegal. I also suspect that was as close as I'll ever get to at least one of the dirtbags who compromised my network, stressed me out and sent me down a path of frustration and anger while I tried to this all fixed.
Now, while I believe I have plugged the hole so to speak, I did say earlier that everything comes with a vulnerability. How long until something similar happens again? And if it does, what will be the telecom's response? More of the same, I suspect.
Anyway, thanks for reading!
Comments