Verizon FiOS Quantum Router Advisory: Updates Pulled MAC Authentication, Bricking Those Devices
Last edited Thu Mar 7, 2019, 07:34 PM
.
In this day of security exposures, Verizon is taking leaps backwards in securing their clients.
1) They violated the first principle of router security. They force all router userids to 'admin'.
2) They store all router configuration information on their website, probably in some unsecured cloud storage. This includes your WPA-2 keys, you know... the shit that you are supposed to keep private.
3) They just performed a firmware update, which pulled users' ability to secure devices by MAC Address.
The problem with #3 is that this was an untested patch, that removed the MAC Address Filtering option, but at the same time, orphaned router code is now denying all of the devices that were being filtered. Somewhere, a sticky bit is no longer being set to allow a MAC address.
This might require performing a Factory Reset on your router to gain access to those devices again.
====
So, if you have Verizon FiOS and all of a sudden all of your MAC filtered devices fail to connect, you might have been subject to this untested patch that essentially bricks your wifi devices until a reset is performed. When it comes back, you will still be unable to perform MAC filtering.
UPDATE: I performed a factory reset, and guess what I found now? They weakened the encryption key standards back to 2010!
They no longer accept: Less than, greater than, single quote, double quote, percent sign, semi-colon, left paren, right paren, And sign, plus sign, tilde and the squiggly above the tab key.
Now I have to update 12 devices to retrograde them.
.
hunter
(38,317 posts)
But they're not going to tell you that.
TreasonousBastard
(43,049 posts)
it's cheap and I'm too lazy to change. And it's just as well they handle any updates.
But a router? No way.
TheBlackAdder
(28,209 posts)
.
Right now, I have Private Internet Access VPN, and down the road I want to get a VPN-enabled router.
.
Mosby
(16,319 posts)
Is Verizon in the cable or DSL business?
TreasonousBastard
(43,049 posts)
TheBlackAdder
(28,209 posts)
TheBlackAdder
(28,209 posts)
hunter
(38,317 posts)
It would add a little latency, but no worries for most users, essentially turning the Verizon router into a dumb modem allowing you the finer control of a router you truly own.
It seems that even if you "buy" this Verizon router they still control it.
My own AT&T system compatible "DSL+" modem, which I own, is as dumb as a rock. It's attached to my router, which I also own, that I have very fine control over. It's set up so Netflix gets first priority on our television, our known home computers and guests second priority, and anyone and everyone else within wifi range can share whatever's left of our limited-only-by-bandwidth internet connection.
TheBlackAdder
(28,209 posts)
.
Their support sucks, they didn't back off a broken patch.
I can't even get the devices to work if I CAT-5 them to the router. The router is still locking them.
.
TheBlackAdder
(28,209 posts)
fescuerescue
(4,448 posts)
Time Warner did this a few years ago. They replaced the Cisco provided (and licensed) software with their own crappy software. Sounds like what has happened here.
ISPs have a HUGE incentive to develop their own endpoint firmware. If they can save $10 a month per user in license fees, it's the same as raising everyone's rates $10. It's enough to move the needle on their stock price typically. The problem is, ISPs SUCK AT IT!
As for #1, admin isn't that big of a deal and hardly the 1st rule of router security. The userid is known as a well known secret. It's the password that is secret. Back when I used to manage security vulnerability response for a well known massive router manufacturer, I wouldn't even issue a psirt/cert advisory on that, but I would tell the development team to make the userid user selectable (where 90% will end up using admin, supervisor, root, etc, and the other 10% using their own standard userid that everyone knows).
#2. Could be a problem. Depends on how they store the credentials, but I don't like it.
#3. Just incompetence. As I mentioned, ISPs are rank amateurs when it comes to endpoint firmware.