
Can we trust the security built into Westell 9100 router? I have my doubts...

Merthiolate
Nickel Contributor
Posts: 43
Registered: ‎04-20-2011

Can we trust the security built into Westell 9100 router? I have my doubts...

Message 1 of 9
(2,976 Views)

I tried the IHA (In Home Agent) yesterday. One of the notifications that I have is that I need to set the password on my router. I have already done so. Just to get rid of the notification, I clicked on the link to set my router password. It did set the password to a new password.

In my dealings with the Westell router... It asks that I set the password when it's initially set up - so I set it. Then after that, I must enter a password to do anything at all in the settings. Now this IHA thing tells me to set the password. The password is already set to a value that the IHA doesn't know about, yet it sets it again to a new value.

I asked tech support how can the IHA do this. The router itself denies me changing anything until I first enter the password. The tech 'specialist' says that 'somehow', it knows the old password even though I never told the IHA what the existing password was.

In summary, security for the router is non-existent! Somehow, Verizon gets in and monkeys with the settings of the router without even knowing the password. So Verizon has a back door in the router that they are not telling us about. This is pretty bad and only shows how little security our PCs have when attached to the router.

 

For extra security, I place all my PCs behind another personal firewall so as to protect it from the non-existent security of this Westell router that Verizon supplies.

 

Verizon can do whatever the hell they want to the STBs and the Westell piece of junk. But they can't get into my LAN by usurping this so-called security provided by the Verizon supplied router.

spacedebris
Gold Contributor V
Posts: 1,692
Registered: ‎05-17-2009

Re: Can we trust the security built into Westell 9100 router? I have my doubts...

Message 2 of 9
(2,912 Views)

The IHA didn't know your password. It simply had Verizon send the reset command to reset the password to default and then change the password so that the IHA would then know the password. Both the Westell and the Actiontec have an option in the "advanced" settings which allows for remote access. Unless you go in and disable this function it allows Verizon to be able to remotely reset your router for you. The IHA is a tool that, for troubleshooting purposes, needs access to your router. Therefore when you install IHA it needs to know your router password. If your router already has a password, it resets it so that the IHA can then set the password again and know it for future troubleshooting. If you go in and disable that remote reset funtion, then IHA will be unable to do that. But without access to the router, it has limited troubleshooting possibilities. Other than the remote access for Verizon, the router's security software is typical of most routers on the market.




====================================================================================

Error exists between keyboard and chair.
Merthiolate
Nickel Contributor
Posts: 43
Registered: ‎04-20-2011

Re: Can we trust the security built into Westell 9100 router? I have my doubts...

Message 3 of 9
(2,828 Views)

@spacedebris wrote:

The IHA didn't know your password. It simply had Verizon send the reset command to reset the password to default and then change the password so that the IHA would then know the password. Both the Westell and the Actiontec have an option in the "advanced" settings which allows for remote access. Unless you go in and disable this function it allows Verizon to be able to remotely reset your router for you. The IHA is a tool that, for troubleshooting purposes, needs access to your router. Therefore when you install IHA it needs to know your router password. If your router already has a password, it resets it so that the IHA can then set the password again and know it for future troubleshooting. If you go in and disable that remote reset funtion, then IHA will be unable to do that. But without access to the router, it has limited troubleshooting possibilities. Other than the remote access for Verizon, the router's security software is typical of most routers on the market.


If that was the case, then why was my custom password for the router still the password that I use to access the router?
Merthiolate
Nickel Contributor
Posts: 43
Registered: ‎04-20-2011

Re: Can we trust the security built into Westell 9100 router? I have my doubts...

Message 4 of 9
(2,826 Views)

@spacedebris wrote:

The IHA didn't know your password. It simply had Verizon send the reset command to reset the password to default and then change the password so that the IHA would then know the password. Both the Westell and the Actiontec have an option in the "advanced" settings which allows for remote access. Unless you go in and disable this function it allows Verizon to be able to remotely reset your router for you. The IHA is a tool that, for troubleshooting purposes, needs access to your router. Therefore when you install IHA it needs to know your router password. If your router already has a password, it resets it so that the IHA can then set the password again and know it for future troubleshooting. If you go in and disable that remote reset funtion, then IHA will be unable to do that. But without access to the router, it has limited troubleshooting possibilities. Other than the remote access for Verizon, the router's security software is typical of most routers on the market.


spacedebris, you say in your reply, "If you go in and disable that remote reset funtion [sic], then IHA will be unable to do that. But without access to the router".... how do I do that? I don't you guys fiddling about with my router settings on a willy-nilly basis. If access is needed, I want to first be informed of your intent. Then, if you want in, I'll just manually reset everything to default by pushing the reset button. Also, I don't use IHA as I run Linux on my LAN. I did load up a Windows XP just to try IHA but I saw no benefit of having it.
Merthiolate
Nickel Contributor
Posts: 43
Registered: ‎04-20-2011

Re: Can we trust the security built into Westell 9100 router? I have my doubts...

Message 5 of 9
(2,821 Views)

repost because of word omission:

spacedebris, you say in your reply, "If you go in and disable that remote reset funtion [sic], then IHA will be unable to do that. But without access to the router"

How do I do that? I don't want you guys fiddling about with my router settings on a willy-nilly basis. If access is needed, I want to first be informed of your intent. Then, if you need in for some reason, I'll just manually reset everything to default by pushing the reset button.

 

Also, I don't use IHA as I run Linux on my LAN. I did load up a Windows XP just to try IHA but I saw no benefit of having it.

 

Merth

viafax999
Gold Contributor VII
Posts: 2,159
Registered: ‎11-10-2009

Re: Can we trust the security built into Westell 9100 router? I have my doubts...

Message 6 of 9
(2,806 Views)

You appear to be of the belief that a password used to protect browser access to the router firmware is the only way to get to that firmware.

As VZ wrote the firmware and also the software for the IHA then there is nothing stopping them having written code in the IHA that talks directly to a custom built IHA backdoor in the firmware on the device at 192.168.1.1. If that is the way they do it removing the IHA kills part of the threat but the backdoor is still there. Unfortunately a lot of companies do have procedures such as this and so you are somewhat at the mercy of their security in protecting their source code and also that they wrote their backdoors in such a way that they are tamperproof :D

If this is in fact how the IHA accomplished what you described then the positive side is that it probably can only be accomplished by code on the inside of your network unless you have activated port forwarding to your router address.

Merthiolate
Nickel Contributor
Posts: 43
Registered: ‎04-20-2011

Re: Can we trust the security built into Westell 9100 router? I have my doubts...

Message 7 of 9
(2,797 Views)
Yea, all this IHA crud, I never use anyway. I run a Linux shop, not Windows. I did load up a Windows XP just to try the IHA. I saw no benefit at all that it gives to me. And who knows what backdoors they have into the router. That's why I protect my LAN with another firewall behind the Westell router. All ports are closed -- they can't get into PCs on my LAN, just their STBs. Now and then, I do intend to open a port so I can expose my web server to the internet. But I have not done that so far since I've been with FiOS.
Merthiolate
Nickel Contributor
Posts: 43
Registered: ‎04-20-2011

Re: Can we trust the security built into Westell 9100 router? I have my doubts...

Message 8 of 9
(2,785 Views)

Viafax999. I see no way to send you a personal message. So here is my private email that I use from time to time. It is {edited for privacy}. If you see this, please email me there with your email address so we can exchange ideas/thoughts. Merth

dslr595148
Trivia Champ
Posts: 6,045
Registered: ‎09-24-2008

Re: Can we trust the security built into Westell 9100 router? I have my doubts...

Message 9 of 9
(2,779 Views)

@Merthiolate wrote:
Viafax999. I see no way to send you a personal message. So here is my private email that I use from time to time. It is **** If you see this, please email me there with your email address so we can exchange ideas/thoughts. Merth

 

 

To do so:

#1 Go to their profile

That is http://forums.verizon.com/t5/user/viewprofilepage/user-id/40167

#2 Click on Send this user a private message

#3 I think you can figure out the rest...

If not, please post.

If you are the original poster (OP) and your issue is solved, please remember to click the "Solution?" button so that others can more easily find it. If anyone has been helpful to you, please show your appreciation by clicking the "Kudos" button.


 
