News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • A couple of questions about my internet modem/router box

    Home Forums AskWoody support Connected home / Internet of things Questions: Other home/IoT products A couple of questions about my internet modem/router box

    This topic contains 3 replies, has 3 voices, and was last updated by  MrBrian 1 year, 11 months ago.

    • Author
      Posts
    • #143393 Reply

      anonymous

      I have some questions about an “Other home/IoT product” – my modem/router box thingie.

      I posted about this topic yesterday, but I wasn’t sure whether to put it in the “Security Advisories” subforum or here in “Questions: Other home/IoT products”.

      I figured that it was an important-enough security issue potentially affecting enough readers to warrant its being put in the Security Advisories area. (I searched for a prior mention of it on this site, and it didn’t appear to have been brought up yet.)

      But at the same time, I didn’t know if that were a spot on the forum where I would get many replies to my questions about the issue, so today I thought I’d pop a post into this subforum, regarding my questions.

      below is the description of the issue, from: https://askwoody.com/forums/topic/att-customers-with-arris-modems-at-risk-of-remote-hacking-some-questions/

      Regarding modems Arris NVG589 and Arris NVG599, which are standard equipment for AT&T U-verse customers

      Arris Modems and Routers Have Major Security Flaw
      “If you use an Arris or Motorola broadband modem, router or gateway provided by AT&T, better check your network device’s configuration.
      Texas-based information-security firm Nomotion has found five serious security flaws that could let hackers take over your network, inject ads into the websites you view and even directly attack devices on your network….”
      https://www.tomsguide.com/us/arris-att-router-modem-flaws,news-25787.html

      Three Hardcoded Backdoor Accounts Discovered in Arris Modems
      https://www.bleepingcomputer.com/news/security/three-hardcoded-backdoor-accounts-discovered-in-arris-modems/

      Alert: AT&T customers with Arris modems at risk of remote hacking, claim infosec bods
      https://www.theregister.co.uk/2017/09/01/att_customers_with_arris_modems_at_risk_claim_infosec_bods/

      Router flaws put AT&T customers at hacking risk
      http://www.zdnet.com/article/flaws-in-att-routers-put-customers-at-risk/
      (When he says the flaws can be “easily mitigated”, I’m not sure that most of the other articles I’ve read about this would agree completely with that. It seems that different articles point out slightly different issues and solutions.)

      SharknAT&To
      https://www.nomotion.net/blog/sharknatto/

      U-Verse Arris Modems with HUGE security vulnerabilities
      Customer question: “So, its been about a week since the Security Vulnerabilities for the AT&T Arris NVG589 and NVG599 Modem/Routers were published. Now that there is a public disclosure, has anyone seen any response or proposal for solution from AT&T?”
      Another customer’s reply: “Horrible chat on this and another topic Tuesday. Two separate telephone transactions today. THEY HAVEN’T HEARD OF IT! No one apparently watches anything or cares.”
      https://forums.att.com/t5/AT-T-Internet-Equipment/U-Verse-Arris-Modems-with-HUGE-security-vulnerabilities/td-p/5258081

      =====
      My questions

      I have had an Arris NVG 589 modem from AT&T for 3 years.

      I have no idea how, since my finger is not exactly on the pulse of random technology news, but I had actually read about this issue in the first part of last month. I had only read an article’s headlines, I didn’t dig into the details.

      The reason I didn’t get into the details of it, even though it’s my model of modem, was that I had already ordered an upgrade in my internet speed from AT&T, and the telephone rep had told me that they’d need to replace my modem as part of the installation, so I thought that I wouldn’t have the NVG 589 much longer.

      I had to wait 3 or 4 weeks for the installation. The phone rep said it was necessary for an installer to come out and for me to meet with him in the house, etc.

      He was supposed to come at 4 pm. He called when he was parked outside, at 9 am. He was not apologetic about being so early. Harrumph.

      After doing something outside for a couple of minutes, he said that it was down in his book as a “self-install”, so he didn’t have to do anything inside the house at all. Argh.

      I asked him where my new modem was, and he said that he wanted me to keep what I had. I said, “Well, I’ve read recently that the Arris NVG 589 has a lot of vulnerabilities and I thought I could get a safer model from you.”

      He looked at me like I was talking nonsense, and he said, “No, there hasn’t been any announcement like that. I haven’t heard anything like that.”
      I said, “Yes, there have been articles on several different tech sites, it’s apparently a big issue.”

      He looked at me like I was a silly mixed-up little gal, and condescendingly told me that this modem is the most safe and up-to-date that AT&T has, so I must be mistaken.

      I said, “Okay, are you done here?”

      He whipped out his cell phone and said, “Which is your modem’s name, is it ‘xyz’? What is your modem password?”
      I looked at him like, “Why do you need that?”
      He said, “I want to do a speed test on the new connection speed.”

      I wasn’t going to give him the security password, so I said that I didn’t know what it was, and then I pulled up AT&T’s speed test website on my computer (I have it as a Favorite) and ran it.

      Then he got overfriendly, leaning over me, with his strong cologne giving me a headache, and I just wanted him to go. Bleuch.

      [Ever since the installation, my Norton firewall has had a new warning message many times a day that something is trying to connect to something, but I’ve looked it up on the Norton customer forum, and apparently it’s not something to worry about. I don’t expect that this issue is connected to anything else in my story here, but just for good measure I rebooted the modem box and changed its passwords. Norton still shows the firewall message.]

      I may call AT&T and see what other modems they have, and tell them that I was told by their phone agent that the installer would be bringing a new modem to me, but when he was here, he wouldn’t give me a new one from his truck. Surely I could pick one up at the AT&T store or they could mail one to me.

      However, it is possible that they don’t actually have many other modem models now, as the articles above talk about this one being in widespread use amongst their Uverse customers.

      And it sounds like, from what the technician ignorantly said to me in my house, and from the AT&T customer forum conversation that I quoted above, that the AT&T people don’t know much about this issue and don’t care.

      If AT&T tells me I have to keep the Arris NVG 589 modem, should I worry about these security flaws?
      (They never pass along manufacturer updates for it, and you can’t find any manufacturer updates on your own for this, so that’s not an option for making it safer.)

      Should I buy my own modem/router box thing — would that work, or would AT&T not allow it?
      (I’ve never supplied my own modem, so I know little about the process.)

      —–
      If I bought a new modem thing for myself, one good thing about that is that I could also try to find one that was already patched for the separate security issue of the “KRACK” vulnerability,
      which my Arris modem is also subject to, since Arris hasn’t done anything about it and probably never will:

      WPA2 security flaw puts almost every Wi-Fi device at risk of hijack, eavesdropping
      “A security protocol at the heart of most modern Wi-Fi devices, including computers, phones, and routers, has been broken, putting almost every wireless-enabled device at risk of attack.
      The bug, known as “KRACK” for Key Reinstallation Attack, exposes a fundamental flaw in WPA2, a common protocol used in securing most modern wireless networks.”
      http://www.zdnet.com/article/here-is-every-patch-for-krack-wi-fi-attack-available-right-now/

      Here’s every patch for KRACK Wi-Fi vulnerability available right now
      “Arris: a spokesperson said the company is “committed to the security of our devices and safeguarding the millions of subscribers who use them,” and is “evaluating” its portfolio. The company did not say when it will release any patches.”
      http://www.zdnet.com/article/here-is-every-patch-for-krack-wi-fi-attack-available-right-now/


      P.T.

    • #143443 Reply

      MrJimPhelps
      AskWoody_MVP

      This is the best place to ask your question, because we don’t currently have a specific forum for modems/routers or for internet service.

      Your experience with AT&T reminds me of how it was for me with AT&T in prior times. Where I lived, we had AT&T (DSL) and Cox (Cable) for internet service. I switched from AT&T to Cox, and I immediately felt like Cox actually wanted my business, as opposed to AT&T, who seemed to feel entitled to my business.

      You are right in wanting a different modem. Also, if you are going from DSL to Fiber Optics (sounds like it), you will need a new modem.

      From some comments I read on AT&T’s web site, they don’t allow you to bring your own modem – you have to use their equipment.

      https://forums.att.com/t5/AT-T-Internet-Equipment/Arris-NVG589-Can-I-use-with-ATT-Fiber/m-p/5041933#M22732

      If you have a choice in internet providers, I would consider giving AT&T an ultimatum — either give you a different modem or you’ll switch to someone else.

      You probably do have a choice in internet providers — you could get Verizon home internet service. In many areas, Verizon offers 4GL, which is a pretty good speed, although nowhere near as fast as fiber optics. Also, you won’t get unlimited data with Verizon home internet.

      Go here for more information:

      https://www.verizonwireless.com/home-office-solutions/verizon-lte-internet-and-home-phone/

      All of the cellular companies offer cellular hotspots. Verizon Home Internet is better, because they put a cellular antenna on your house, and then wire the house.

      Good luck.

      Group "L" (Linux Mint)
      with Windows 8.1 running in a VM
      • #143688 Reply

        anonymous

        @mrjimphelps,

        Thank you for your response and for even providing me some links!

        I will have to look into whether the new connection is with fiber optics and, if so, whether the old modem is even appropriate – I didn’t know the connection type would be a factor for the modem.

        The speed increase tangent started out when I called AT&T to see if they could reduce my bill, and the rep said that the only thing she could do would be to give me a higher level of service for the same price — I could get an increased speed (I think it’s officially 16 or 18, though my speed tests are showing it at over 20) at same price as my old speed (which was just 1!). She didn’t say what sort of connection it would be, so I assumed it was the same as the old connection.
        She said that the installer would have to come into the house for the installation, that he/she would explain everything, and that he/she would have to provide a new modem, so I didn’t ask too many questions on the phone (after I made sure that it was only a month-to-month agreement, with no time-bound contract).

        There aren’t many choices in my area for internet – I think it is just AT&T and Comcast. I am presently limited to AT&T for internet because of a wireless/landline/internet bundle that I don’t want to split up or move to Comcast.

        It rings a bell that AT&T requires their own equipment to be used — that is probably why in the past I’ve never gotten very far in investigating what it would take for me to provide my own modem router thingie.

        It can’t hurt for me to call them and find out what sort of connection I have now and find out if I was supposed to get a new modem from the installer,
        then ask them for a new modem in any case, one that isn’t vulnerable to the ARRIS NVG flaw.

        One suggestion I saw online when I was looking into these 2 modem vulnerabilities, the ARRIS NVG598 flaw and the KRACK flaw, is that the customer can keep using the supplied modem from the phone company which is vulnerable to the flaws, but then connect it to a customer-supplied standalone router that is known to not be vulnerable to those 2 security flaws, and connect the customer’s computer/cell phone/printer via this protected router to the modem. Does that sound possible/sensible/protective?


        P.T.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: A couple of questions about my internet modem/router box

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.