Malaysia's UniFi high speed broadband users at risk

[hacksecrets]

This issue had been reported countless times and months back and yet it’s been ignored for quite some time now. So by writing this blog post and working hard on pulling off neat yet serious hacks, we’d hope it would make a huge enough impact for the folks at UniFi to take this seriously. We think that protecting the customers should be a priority. We’re pretty sure that they themselves would say the same thing.

We’ve noticed a couple of flaws in TM’s implementation of UniFi ever since it rolled out. One flaw being that the technicians will ALWAYS enable remote management. RuFI0 noticed this when the technicians installed UniFi at his place during the first roll out (and he quickly patched it :p). According to them, it’s to make it easier for them to troubleshoot problems remotely. Actually, we’ve realized that a lot of other UniFi customers are aware of this and that this had been reported to the folks at UniFi numerous times, but yet here we are. We’ve seen forum threads about this dating back since May of 2010. Another interesting find was by rizvanrp that besides the usual admin account on the router that is usually the so called “root” account, there is actually another hidden account with higher privileges. But how would one go about in finding this mythical hidden all powerful account? Well…