yongkailoon.com
Just another average weblog
Posts tagged tm
TM UniFi: Security Threat of the Router
Jul 28th
You know, the first day I got Unifi, I asked you guys (TMnet) if I would be able to use my own router. Well you said no. When I discovered the SSH daemon running on the router (which used a different password than the web user interface), you said you couldn’t disclose the password. An hour ago, I discovered that password and the reason why you won’t give it out.
TM basically planted a backdoor in everyone’s DIR-615 router.
What is this? What are all these hidden options in this special account you neglected to tell us about? You mean to say I could have used my own router all along? You mean people spent >RM1000 on Cisco grade equipment just because you didn’t want to tell them about this?
You mean in a sample group of 900 nodes, 600 of them who think their networks are ‘secure’ are actually completely open? Even those companies on Unifibiz which use the same router? WOW..
That’s right guys, TM named the “administrator” account on the DIR-615 as “admin” when there was actually a secondary administrator account with a higher access level. The VLAN settings were never locked out, that account which we all assumed was the admin (because they told us so) was actually a noob piece of shit with <60% access to the router. This account has the same user/pass across every Unifi router that has been given out so far and cannot be changed or even seen with the default ‘admin’ account.
—-
What’s the fix?
Untick remote management. If you have a firewall on it, block all the ports (TCP 22/23/80/8080/443) from WAN access.
UPDATE : If you’re a Unifi user on firmware 7.05, if you read everything in the management page you can find the username for this account. The pass is the same, once you get access log in and reconfigure your router security properly. I can’t believe not a single technician set this account up properly.
—-
FAQs
Some less tech-savvy people have asked me what this all means, so here goes:
Q: What is this and how is this possible?
A: Every consumer router has a username/password combination to access it. This is a basic security feature to ensure that only you (the owner) can access it. This Unifi router however, has two accounts by default. When TM installed Unifi in your home/office, they only configured the first account. The second account — which has a higher level of access was left configured with its default username/password. They also neglected to inform the customers (you) and their own technicians who did the install about this second account. As every Unifi user is ‘forced’ to use this router and this account has not been configured properly, every Unifi user is also vulnerable to have their routers accessed by unauthorized users simply by using this default account user/password combination.
Q: So what if outsiders can access my router? What does this mean?
A: The Unifi router is not just a simple box that sits on your network. It can be considered to be a full computer system and has the capability to run any executable that’s made for it. Since an outsider can access your router, he can also do the following:
- Turn your router into a proxy, if he commits any crimes online it will be traced back to you instead and you will take the fall for it
- Use your 10/20mbps Unifi account so he doesn’t have to pay for his
- Use up your bandwidth quota (once quotas are implemented) as much as he wants and you will pay for it
- ‘Spy’ on your Internet connection and view every site you are visiting
- Forward all connections to your home PC using DMZ, making your home PC completely vulnerable to Internet attacks.. if you have an open NAS (network attached storage) on your home network, he will be able to access all your files
And the list goes on and on..
Q: So how can I fix this?!
A: Make sure remote management is disabled (as it is enabled by default). With this enabled, anybody with this default user/pass combination can access your home router and perform the attacks I mentioned above. This fix however, doesn’t prevent people on your own LAN network from accessing the router. If you are running an open Unifi hotspot (shop wifi, etc) and you are using the default DIR-615 router, the only fix is to access this second account and change the password.
For an uploaded Router Security guide and VLAN bridging guide (to use your own hardware with Unifi), find it at http://unifi.athena.my
*All the findings on this matter are credited to rizvanrp
UniFi IPTV to Charge for Selected Channels
Jul 5th
Just when most people think that the UniFi service from TM is expensive, a good argument to it is the triple play bundle which includes Video, Internet and Phone which in short is the reason behind the VIP names of their packages. The IPTV which broadcasts interesting channels such as LUXE.TV HD, Fashion TV HD, STAR Chinese Movies, Channel News Asia and many more including our local free stations. However, TM has announced that some channels will be chargeable after this year’s Independence Day.
This definitely will put TM and UniFi especially in a bad position since now quite a lot of stations will be charged and what remains free is of course our local free stations. If this is really going to be done after the 31st of August, I don’t think the IPTV will be a success and it might soon just be a service for display purposes. Furthermore, say the RM149 for 5mbps is going to be more like a double play service rather than a triple play. One question that comes to mind is of course how much are the charges going to be? The pricing will definitely be a matter of life or death to the IPTV service since most users are already Astro subscribers, even if it is just a couple of bucks, people will still think twice since they are mostly subscribed to the paid satellite TV service.
What do you think of this? Will this kill off the IPTV service?
Malaysia Holds Most Expensive Broadband Title in APAC
Jul 4th
That’s right! Most of you who actually said that broadband access in Malaysia is very expensive while other countries are getting more affordable and faster at the same time. A study showed that telecommunication operators in Malaysia paid the most for their ethernet broadband lines in the Asia-Pacific region. With that being said, I guess Malaysia still is “boleh” in the telecommunications industry. This doesn’t exactly pinpoints TM alone, it applies to all the Internet service providers in the country.
In my opinion, I think ISPs in Malaysia should at least improve the stability and reliability of our connections and also providing us more bandwidth considering the monthly fees we are paying. Even if they choose to not amend the monthly fees, at least give us a better and faster connection! Malaysians have been waiting for the day when ISPs could provide a stable yet fast connection. However, it seems so near yet so far.
Malaysia telecom operators paid the most for their Ethernet broadband lines in the Asia-Pacific region while their peers in Hong Kong enjoyed the lowest access bills, according to a recent study by the Asia-Pacific Carriers’ Coalition (APCC).
Released on Jun. 14, the survey revealed that Malaysia topped four out of five categories–differentiated by network speeds–covering Ethernet broadband monthly rental and installation costs. It was second highest in the fifth category, revealed the study.
For instance, the monthly rental and installation cost for 2Mbps circuit would cost an operator in Malaysia US$4,564 but only US$374 in Hong Kong.
Surpassing Thailand, which was ranked second in the study, Malaysia had the costliest local Internet access lines in the Asia-Pacific region.
Only countries with the top two most costly bills, as well as the country with the lowest access bill, were ranked.
The study showed that Singapore, which was the costliest for telecom providers when the survey was last conducted in 2006, dropped down the list this year. However, the Republic was still “two to three times” more expensive than the cheapest country, Hong Kong.
The report also stated that demand for Ethernet broadband access has not only “continued to rise” but the demand for higher bitrates is also increasing. This upward trend is reflected by the availability of information, compared to previous years, on carriers requesting for 10Gbps access circuits.
The study, which Telecommunications Research Project Corporate (TRPC) was commissioned to conduct, gathered information from seven international carriers and looked at three forms of access platforms: Ethernet, leased lines and DSL (digital subscriber line).
For Ethernet broadband cost, the survey covered 13 countries–in which the seven carriers offered Ethernet services–and assessed the monthly rental and installation costs of various Ethernet access speeds: 2Mbps, 10Mbps, 50Mbps, 10Mbps, 1Gbps and 10Gbps.
Leased lines were “the most widely used leased circuits across Asia-Pacific”, according to the APCC study.
Of the 14 regional countries surveyed for leased lines access, nine countries saw their costs reduced in real terms since 2006. The five countries that bucked the trend were Malaysia, India, the Philippines, Taiwan and Thailand.
“We are disappointed to note that local access charges have risen in real terms in five countries since 2006,” said APCC President Simon Smith. “Our members continue to experience challenges in obtaining competitive local access price charges, which are often disproportionate to charges for an end-to-end international service.”
Smith called for “fair” local access charges as these were a “critical requirement” for the creation of a competitive communications environment.
He also encouraged regulators in the markets reviewed to “take the necessary and appropriate regulatory action” to lower access pricing.
Source: ZDNet Asia
What are your thoughts on the broadband situation here in Malaysia?
TM UniFi (HSBB) Pricing
Mar 25th
There is already a confirmed pricing for the recently launched TM UniFi high speed broadband (HSBB) service. A summary of the price details are as follows:
5mbps – RM149 (60GB monthly cap)
10mbps – RM 199 (90GB monthly cap)
20mbps – RM249 (120GB monthly cap)
*Price includes IPTV
Yes I know what you must be thinking for now, the monthly bandwidth quota! Well, I myself may not like it as well but hopefully this will serve as a fair usage to all the users. Well, it is now confirmed that once you go over the monthly bandwidth cap, the speed will be throttled down to 10% of the advertised speed of your package. As an example, if you’re on the 10mbps package, 10% would be 1mbps. The cap is spread evenly on a daily basis so if say the monthly cap is 60GB, every day you will have 2GB to download and should your data transfer exceed 2GB, there goes the throttle hammer on you.
All packages are inclusive of a DECT phone, a premise gateway (the modem/router) and a Set-Top-Box (STB). On top of that, there will also be free calls to all TM fixed lines nationwide and a very low flat rate of RM0.10 per minute calls to mobile phones and other operators nationwide.
With the packages announced, what do you think of it? Do share with me your opinion on this UniFi service! 
TM UniFi – HSBB Project Launched
Mar 25th
As some of you might already know, TM launched their HSBB project named ‘UniFi’ last night at Dataran Merdeka, Kuala Lumpur and the launching ceremony was witnessed by our very own prime minister. The full press release is as follow:
Telekom Malaysia Berhad (TM) delivered its promises of launching its next-generation High Speed Broadband (HSBB) service at Dataran Merdeka, Kuala Lumpur today at a gala launch event featuring broadband lifestyle showcases, interactive exhibitions and a live concert for members of the public. TM also unveiled ‘UniFi’, the new brand for TM’s high speed broadband service, which signifies the essence of the service of connecting and bringing people together to communicate and collaborate.
UniFi promises a world of faster, richer and more reliable online experience.
The launch ceremony was graced by the Prime Minister of Malaysia, YAB Dato’ Seri Najib Tun Razak, Deputy Prime Minister, Tan Sri YAB Tan Sri Muhyiddin bin Mohd. Yassin and other members of the government administration.
Datuk Dr. Halim Shafie, Chairman, TM, said, “Now that UniFi, our next-generation Internet infrastructure and service has arrived for Malaysians; we anticipate it will be a digital lifestyle changer as well as enabler for the vast majority of our subscribers. I am truly excited at this next phase of growth for TM where we are aiming to take our services to the next level.”
TM’s UniFi high speed broadband packages comprises triple-play services of high speed Internet, video (IPTV), and phone, with speeds of 5 Mbps, 10Mbps and 20Mbps. The IPTV service which makes up part of the value-add bundled service will be delivered via an 8Mbps connection exclusively and in addition to the data speeds subscribed by the customers. With IPTV, customers can enjoy 22 linear channels, Video-On-Demand and interactive services such as games, tourism information, etc.
The initial areas covered by TM’s UniFi are the 4 exchange areas of Shah Alam, Subang Jaya, Taman Tun Dr Ismail and Bangsar. In addition to these 4 exchange areas, UniFi will be expanded to another 22 exchange areas by June and a further 22 by December. That means, by year-end 2010, TM’s UniFi will cover 48 exchange areas with a total of 750,000 premises passed. This would include key areas such as Putrajaya, Cyberjaya and Iskandar Malaysia. A schedule of expansion and area availability is available on the TM website.
As of today, TM has already completed 311,000 premises passed, surpassing the target of 300,000 premises passed by the end of March.
“Premises passed” refers to the number of premises that are connected by UniFi and have the ready option to take up the service if they wanted to.TM will be engaging in awareness campaigns and direct marketing to the households and businesses in these areas. Interested customers are welcome to register their interest on the TM website at www.tm.com.my.
Dato’ Zamzamzairani Mohd Isa, Group Chief Executive Officer, TM, enthused, “Our efforts in putting in place a high speed broadband fibre-optic infrastructure is the first of its kind in the world with regards to its scope and time-to-build. Some 4,000 of our staff are involved in the project and have been working relentlessly since 18 months ago after we signed the Public-Private Partnership (PPP) agreement with the Government. This project also involved over 2,500 staff of our contractors who have been instrumental towards contributing to the premises passed thus far. So the launch of UniFi, delivered on time as promised is a testament to the dedication, determination and teamwork of all the people involved in the project. I would say that the launch of UniFi supports our belief that TM has shouldered this responsibility to the best of our ability, and the trust put on us to deliver the project has not been misplaced.”
Dato’ Zamzamzairani Mohd Isa went on to add, “TM expects customers’ registrations and installations to begin at a more measured pace for the first three months to ensure installation quality and fine tune the network in the initial four areas before gradually picking up steam as the installation teams gather more experience. TM also explained that installation of fibre to the home is completely different from copper wire installation. The work requires skilled handling with a high degree of accuracy. As such, the service installation at customer premises can take more than 4 hours, depending on the complexity of the work required for various types of premises and their specific location. These are the “growing pains” that can be expected in this initial period of the service roll-out. TM has trained a crew of 60 installers for the initial stages of the rollout who will be working 7 days a week to fulfil subscriber signups. At the same time, TM is continuously improving its internal capability and making preparations to scale this up depending on demand received. TM has also put in place the required customer support platforms, 24 by 7, dedicated to UniFi customers to enable them to enjoy enhanced customer service levels.”
HSBB is a flagship project of the National Broadband Initiative that will help boost the country’s competitiveness and enable citizens and businesses to tap into the opportunities in the social and economic spheres. From the economic perspective, HSBB is expected to have a high multiplier effect for businesses, allowing for easier and more efficient collaboration that will drive productivity levels higher and enhance revenue generation. Local and foreign companies here will have access to new applications and be able to reach more markets, which in turn will boost the potential for Foreign Direct Investment from multinational players seeking to use Malaysia as a regional hub.
Signed in September 2008, the RM11.3 billion national HSBB project is a Public-Private-Partnership agreement between TM and the Government of Malaysia to develop next generation high speed broadband infrastructure and services for the nation. TM is putting up RM8.9 billion while the Government is co-investing RM2.4 billion on an incurred claims basis based on project milestones reached by TM.
By the end of 2012 – in accordance with the completion of the first phase of the national HSBB project roll-out as agreed with the Government — approximately 1.3 million premises will be passed nationwide, giving them access to TM UniFi services. These nationwide areas — identified as Zone 1 — include the Inner Klang Valley, Iskandar Malaysia, and key industrial sites around the nation.
No pricing was revealed but rumors (most likely an insider information) are saying that it will start at a price tag of RM150 to somewhere near RM300 covering three different packages within this price range. The official announcement on the pricing is expected to be out later today so stay tuned! Want to UniFi yourself?
