ISP popped router ports, saving customers the trouble of making themselves hackable
SingTel then left them open for a while, because ... well there's no excuse is there?
Singaporean broadband subscribers were left vulnerable to attackers after their ISP opened remote access ports on their gigabit modems and forgot to close them.
The discovery was made by NewSky Security researcher Ankit Anubhav, who used Shodan to scan for SingTel routers open on port 10,000 – the default Network Data Management Protocol TCP/UDP port.
Anubhav said a scan yielded 975 devices that had port 10,000 open with no protection, as a result of a fault-finding exercise gone wrong (that number is only those found on the scan).
When NewSky alerted Singapore's CERT, and that body took the issue to SingTel, Anubhav said the root cause was that SingTel enabled port 10,000 to troubleshoot a problem with the SingTel-branded routers (the “Wi-Fi Gigabit Router” is supplied by Arcadyan).
The carrier neglected to close the port once the issues were resolved, leaving the customers vulnerable.
The NewSky post quotes SingCERT's Douglas Mun as saying: “Port forwarding was enabled by their customer service staff to troubleshoot Wi-Fi issues for their customers and was not disabled when the issues were resolved. ISP SingTel will be taking measures to ensure that port forwarding is disabled after troubleshooting has completed.”
Mun added that the ISP had since closed the ports. ®