Thousands of Telekom Malaysia's Unifi/Streamyx open to easy hack

There are thousands of TM Unifi/Streamyx home network out there which are vulnerable to an easy hack.

Thousands of Telekom Malaysia's Unifi/Streamyx open to easy hack 1

Discovered in late 2013 and acknowledged by TM, the hack allows anyone from the Internet to hack into the Unifi/Streamyx Dlink DIR-615 router supplied by Telekom Malaysia.

Thousands of Telekom Malaysia's Unifi/Streamyx open to easy hack 2 TM Dlink DIR 615 Login Page

In default setting of the Dlink DIR-615 router supplied by TM, the Remote Management settings is turned on. This feature allows the owner of the account to remotely access and manage their home network from anywhere around the world. Most people are probably not aware of this feature and don’t even use it.

These days home network is not just about surfing the Internet via Wifi, people also connect their CCTV/IP Camera and their hard disk/cloud storage to the Internet.

The Dlink DIR-615 router basically manages your home Internet network. It sits between you, your PC, IP Camera, cloud storage, etc and the Internet.

The Dlink DIR-615 router supplied by TM is easily hacked, even with the best strongest password out there, if remote management is turned on(this feature is turned on by default). Even without Remote Management turned on, the Dlink DIR-615 router supplied by TM is also hackable if someone has access to your Wifi network.

Thousands of Telekom Malaysia's Unifi/Streamyx open to easy hack 3 Username & Password of the Dlink DIR 615 are easily retrieved without logging in.

Not only that, you router password can be easily retrieved (without logging in, see image above), and your secure Wifi password can be seen too. Or someone could use a Super Admin password that is easily found on the Internet to access the Dlink DIR 615 router. Thanks TM.

What is the worst case scenario? You could be visiting a fake Maybank2u banking site and entered your username/password. Everything you do on the Internet are watched, EVERYTHING. If you home cloud storage is poorly secured, no password, then all your data may have been accessed. Similarly, someone could be watching you or your family via that IP camera.

At the point of wring this, this Dlink hack is real and easy. There are thousand at vulnerable Dlink DIR-615 routers out there (maybe even more) and a number of poorly secured IP camera that are easily accessed.

I don’t want to explain the step by step here but Keith Rozario has a “tutorial”. See here- http://bit.ly/1mx3GZ7

Or check out this video: https://vimeo.com/98848750

How to solve this problem?

  1. Change any wireless router supplied by TM. It may cost you abit, about RM200 for a new secure router. I personally recommend TP-Link (http://bit.ly/1KKS3JC) but you could always go for the more expensive ones like Asus. I would avoid all Dlink products.
  2. Secure your home network by enabling strong passwords on your cloud storage (WD Cloud/Seagate,etc) and your IP Camera. Keep the firmwares up to date. Also turn off Remote Management if you don’t need it.

There many tutorials on the Internet on how to secure your home network, or you could read this- http://www.malaysiainternet.my/2015/02/secure-wifi-network-home/

What routers do you use at home, do share in the comments.