Little Introduction:
In March 2010, Telekom Malaysia Berhad (TM) launched its High Speed Broadband (HSBB) service, called ‘UniFi’. TM’s UniFi high speed broadband packages comprise high speed Internet, video (IPTV), and phone services, with speeds of 5 Mbps, 10 Mbps and 20 Mbps.
Upon sign up, the customer will receive 4 pieces of equipment:
- Fiber Broadband Termination Unit (BTU), i.e. where you connect the fiber optic cable.
- WiFi router (D-Link DIR-615 with custom firmware), which is plugged into the fiber BTU.
- Set-Top box for IPTV and VoD, which will plug into the WiFi router.
- DECT phone plugged into the Fiber BTU.
I’m not going to rant about UniFi or TMNet’s services, nor speed, nor the much debated bandwidth cap that TM said they’re going to impose.
I’m going to talk about the security (or the lack thereof) of the default WiFi router setup.
Once the customer has signed up for UniFi services, TM’s technician will do all the equipment installation in your premises/home for you. Nice, BUT the default WiFi router setup done by the technicians has very weak security:
- The router is not configured to drop ICMP packets, so an attacker can ping an unprotected router and learn that it is alive and connected to the internet.
- The firewall is disabled.
- The router has remote access enabled. Making it worse, it has no authorised IP filter (the default config is 0.0.0.0, meaning anybody, anywhere, can log in to your router web interface). The web interface port number is also left at the default.
- And the BIGGEST, BADDEST flaw: The router’s Administrator password is still the default one!!
With the default configuration as above, even a child with a web browser sitting miles away could get into your router!! I’ve done this personally: I can easily scan a range of UniFi’s IP addresses and log on to their routers.
I understand if the above setup is meant to ease TM’s effort to do troubleshooting/support remotely for their customers. However, the least they can do is change the default administrator password on the WiFi routers! Change the password to something unique for each customer. They can still keep records of each customer’s router password if they need it for remote troubleshooting/support.
Not all TM customers are technically savvy enough to secure their own home network. So, the purpose of this article is to share a basic guide to protecting your home network.
Secure your home network:
Log in to your router’s web interface: open a web browser and go to http://192.168.0.1 . You will be prompted for the admin username and password. See your D-Link router manual for more info.
1. Change your Router’s Administrator password.
- Go to ‘Maintenance’ tab, under ‘Admin Password’ section. Change your password there.
2. Rename your Wireless Network Name/ SSID.
The default SSID contains the customer’s name, i.e.: myfirstname@unifi. This could lead to privacy issues, as outsiders know who’s using which ISP service (UniFi, Streamyx, etc).
- Go to ‘Setup’ tab, click ‘Wireless Setup’ menu on the left.
- Under ‘Multiple Wireless Network Name (SSIDS)’ section, click ‘Multiple Wireless Network Name Setup’ button.
- You will be taken to a page with ‘Wireless Network Name’ section. Rename your existing Wireless Network Name/SSID there.
3. Disable Remote Access to your router.
- Go to ‘Maintenance’ tab, under ‘Remote Management’ section. Un-check ‘Enable Remote Management:’ check box.
4. Enable Firewall
- Go to ‘Advanced’ tab, click ‘Firewall & DMZ’ menu on the left.
- Under ‘Outside Firewall Setting’ section, check the ‘Enable WAN to LAN Firewall :’ check box.
- Then, check all the check boxes inside the rows of ‘DOS ATTACK’, ‘POST SCAN ATTACK’ and ‘SERVICE FILTER’.
- To find out what all these settings do, feel free to Google each of the check box descriptions.
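The four steps above can be written down as a checklist and compared against the installer defaults listed earlier. The following Python sketch is an added example, not part of the original post or of D-Link's firmware; the setting names and both sample records are constructed for illustration.

```python
import ipaddress
import re

# Constructed settings records. Key names are hypothetical labels for the
# options the post describes, not the DIR-615 firmware's own config keys.
INSTALLER_DEFAULT = {
    "admin_password_is_default": True,
    "remote_management": True,
    "remote_allowed_ip": "0.0.0.0",
    "wan_to_lan_firewall": False,
    "answers_wan_ping": True,
    "ssid": "myfirstname@unifi",
}
# The guide has no step for WAN ping, so that setting is carried over (assumption).
AFTER_GUIDE = dict(INSTALLER_DEFAULT, admin_password_is_default=False,
                   remote_management=False, wan_to_lan_firewall=True,
                   ssid="home-net-5f")
SEVERITY_ORDER = ["low", "high", "critical"]

def audit(cfg):
    """Return (severity, problem, fix) tuples for one settings record."""
    out = []
    if cfg["admin_password_is_default"]:
        out.append(("critical", "default admin password", "step 1"))
    if cfg["remote_management"]:
        # 0.0.0.0 as the authorised address means no source filter at all.
        if ipaddress.ip_address(cfg["remote_allowed_ip"]).is_unspecified:
            out.append(("critical", "remote management open to any IP", "step 3"))
        else:
            out.append(("high", "remote management enabled", "step 3"))
    if not cfg["wan_to_lan_firewall"]:
        out.append(("high", "WAN to LAN firewall disabled", "step 4"))
    if cfg["answers_wan_ping"]:
        out.append(("low", "answers ICMP echo from the WAN", "not covered by the steps"))
    if re.fullmatch(r"[^@\s]+@unifi", cfg["ssid"], re.IGNORECASE):
        out.append(("low", "SSID reveals subscriber name and ISP", "step 2"))
    return sorted(out, key=lambda f: SEVERITY_ORDER.index(f[0]), reverse=True)

def worst(cfg):
    """Highest severity present, or None when nothing is flagged."""
    findings = audit(cfg)
    return findings[0][0] if findings else None

if __name__ == "__main__":
    for name, cfg in (("installer default", INSTALLER_DEFAULT), ("after guide", AFTER_GUIDE)):
        print(name, "->", worst(cfg))
        for sev, problem, fix in audit(cfg):
            print(f"  [{sev}] {problem} (fix: {fix})")
```

Running it shows the installer defaults carrying two critical findings, while the record after the four steps keeps only the low-severity ICMP item, which the steps do not address by name.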
A few suggestions to TM: I strongly recommend that the technicians doing the UniFi installation raise the level of the customers’ home network security. The very least they can do is change the WiFi router’s default administrator password upon installation, and keep that password if they need it for remote troubleshooting/support.
Be safe.
I googled on how to change the wireless network name and found your page. Thank you so much for this piece of information. I’ve followed through all the steps you listed. I should be secure now. 🙂
Glad we could help 🙂
Nice and basic guide for the average Unifi newbie.
Just thought you should also mention the guide posted by Rivzan @ http://unifi.athena.my/index.php
The guide is to setup so that you can use your own router hardware to do the actual routing, whereas the DIR-615 router that was provided free when you subscribed to unifi, would only be used to do the vlan tagging.
@Moogle: Nice info.
Just noticed another problem with Unifi HSBB service. When subscribing to the service an email address is given out with a password. You can login to the email using the given password but you are not allowed to change the password! This means that anyone along the way from the person who took your order to the installer and probably lots of system people know your email id and password. Any one of them could pass this information along and someone out there could be using your email id to send out malicious emails without your knowledge. Do not be surprised if the police come knocking on your door to arrest you for sending seditious emails even though you did not do it.
I just got off the line with the unifi support. Spent a long time waiting for someone to pick up the call and when someone finally picks up, they just dish out crap, lies and nonsense. According to their helpdesk operator and also his supervisor the user cannot change the password because of the following: –
1. User has not paid for the service – implying that additional charges for using email
2. No additional charges for email but must pay something first – pay for what? they do not know!
3. No system in place to allow user to change password!
4. System to change password is not ready yet
5. Will allow user to change password after unifi makes announcement – on what? nobody knows.
6. After 1st July can change password
7. After 1st July can change but must pay something first – pay for what? – they also do not know?
8. User cannot change because unifi needs to control the user and have the password to help the user!
9. Cannot suspend email account because we do not have the system to do so!
10. Lots more crap from them!
Just pick any of the above reasons if you can trust them.
Right now they cannot guarantee that email id will not be used by anyone.
Looks like unifi is being run by a bunch of clowns who do not know or care about security and accountability.
Must be true when people say Malaysia Boleh, TM Tak Boleh!
Thanks for the tip on securing ‘our home network’, as I am technically illiterate. I had my unifi installed today and had changed as per your instructions. Yes, I cannot change my email password as yet, hopefully I’ll get some news tomorrow (from a friend in tm)….but at least I managed to set-up the email account on my windows mail (the installer did not know how though).
Thanks again. JL
I just installed Unifi in my house (ground floor), after installing, I was not able to access the internet via my Aztech USB adapter which I used to use for my PC at first floor. What should I do?
TQ
There could be tons of reason why you’re unable to access the internet. Giving details, or googling might help. 🙂
Just installed UNIFI BIZ10..mmm what i can say is FAST!..I can download a movie in less than 1 hour. Damn good..However, a bit of latency and still need to monitor the speed.
Can’t access http://192.168.0.1 Just had my unifi fixed. Have these issues been fixed as I was not even remotely aware of them till now.
cinafong, try accessing 192.168.1.1
I think something is wrong with your post. You say people can simply connect to your router and access the router settings pages?? This is not true in my opinion. When TM setup your wifi router they already protected it with that 13 digit password right? or yours is set to open? you can set a passcode for a wifi connection for your router.
In order to get connected to your router at 192.168.1.1, you need to connect to the wifi FIRST. so it does not matter if your router is having default admin passwords because nobody can access your wifi router (unless they have that 13 digit passcode). ; )
By default (at the time this post was written), your router is enabled with remote access. Also the default Admin and Operator router passwords were not changed. All I need is your IP address. By using a web browser, I can type in your IP address, and I will be prompted with your router web interface.
I don’t need to connect to your wifi. I wouldn’t say this if I hadn’t done this personally.
Hi,
I tried to change my WIFI password but failed. I followed your instruction and the page asked me for my username and password and I put in the default but it didn’t work. FYI, I’ve never changed anything since the installation, so it should be the default one, right? Please help.
TQ
It should be the default password. Contact Unifi tech support to get your username/pwd, or reset your router.
Thanks for your prompt reply. According to the D-Link Manual, the default username and password are ‘admin’ and two asterisks but still didn’t work.
Pwd in the d-link manual wouldn’t work, as it’s already changed by tmnet.
i need home help. my phone cant detect my home wifi. is there some special settings i need to set for TM unifi ? my router is dlink 615
Can’t switch to different router for unifi..is this still the case?
You can bridge with a different router:
http://unifi.athena.my/custom_routers.html
Hi to u-n-i-f-i user..
Just wanna share with all of u…d-link unifi modified router was a big problem for me…I have asked TM to change my faulty router again last 2 months and that was my third unifi modem router being replaced…what a quality they’re giving us compare to what we are paying. They claimed that it was being modified to cater the IPTV…whatever but ‘pleaselah’ TM from the date of my complaint it took me 14 days without any internet connection and I’m paying for unused connection…..anyway the speed is there…but hopefully TM will provide the best service coz MAXIS is on their way to give maybe a much better service.
thank you so much Nazham, – very interesting read.
I want to use WIRED only inside my house – due to wanting to avoid DNA-distorting radiation from WIFI and also due to huge security issues with WIFI. Therefore, in your opinion, do you think UNIFI would be a good solution? I am thinking of chucking the WIFI router TM provide and getting a wired router. Would i be the first in Malaysia to do this? I hate being on the bleeding edge!
thanks again.
It’s possible to use your own router for Unifi:
http://unifi.athena.my/custom_routers.html
Dear Nazham,
“will be taken to a page with ‘Wireless Network Name’ section. Rename your existing Wireless Network Name/SSID there.”
1) After rename above, do I untick the box?
2) If I only prefer not to use wireless, what can I do to prevent outsiders from accessing my router?
Thank you Nazham.
Here you can change your unifi e-mail password http://petuaterbaik.kaer-media.org/2011/04/change-unifi-email-e-mail-password/
Dear Nazham,
I got a question to ask you.^^
How far is the coverage of WiFi of your D-Link DIR-615 Router?
My DIR-615 just has only 5 Meters range?
I never actually measured the coverage, but it can cover my whole house.
Thumbs Up for your subject my brother 🙂
Really, I want to thank you for this valuable information. In my opinion the router that TM created is very bad. I think if they leave the original one from D-Link will be better. In addition, I have a question, How can i install and use the Shareport technology which located at the front of the router? I don’t know some people say it’s not usable !!!!!! Is it real? ! Because I want to try it for my Printer
I believe the usb port on the router are unusable. 🙁
Thanks a lot for your quick reply. This is another indicator to make this Router from TM not good.
I tried to follow the steps at that link to set up the USB on the router but one step is to upgrade the Firmware and this will affect the settings:
Here is the link: Have a look 🙂
http://www.dlink.com/shareport/