Verizon's Access to the router's WPA password
lrose3
Newbie

Does Verizon have full access to routers they provide? I noticed on the online bill page it shows my WPA password which was randomly generated so the only way to get it was from the router and some type of maintenance or backdoor access to the router.

Good thing I have my important equipement behind another router behind theirs.

0 Likes
1 Solution

Correct answers
Re: Verizon's Access to the router's WPA password
Justin46
Legend

The reason for Verizon making the wireless network passkey available in two places where the customer can see it directly is really very simple, they are continually bombarded with support calls saying something like "what is my wireless password? I have forgotten it (or never knew it, etc.)". I know the above is true because I discussed this topic in detail with a Verizon executive specifically aware of the volume of calls asking for the passkey. 

So Verizon came up with two solutions to help reduce the number of calls:

1) Make the wireless passkey available on the customer's STBs (the usefulness of this solution assumes the customer also has FiOS TV service). They first made the passkey available on the STBs without first requiring entry of any kind of password, a serious security exposure IMO in that anybody sitting there watching TV, kids, visitors, whoever, could view the passkey. So in a second round they added the option to require entry of a Parental Control password (4 digits) to view the wireless passkey. Unfortunately use of the Parental Control password is optional, meaning I suspect that most customers do not use that option because they are not even aware of the exposure. I think Verizon should require use of a password (different from the Parental Control password maybe?) to access the wireless passkey on the STBs.

2) Specifically for those customers who do not have TV service, but really available to all customers, make the wireless passkey visible on the MyVerizon website. Since this is only visible after a customer signs into MyVerizon, there is no greater security issue here than there is for access to any other item on MyVerizon (ordering/removing service, paying the bill, etc.).

IMO both steps are good, and are not security exposures, except that Verizon should require a password on the STBs.

__________________________________
Justin
FiOS TV, 25/25 Internet, and Digital Voice user
QIP7232, QIP7100-P2, IMG 1.9.4
Keller, TX 76248 (VHO 1)

View solution in original post

Re: Verizon's Access to the router's WPA password
JOSEm441
Specialist - Level 2

http://forums.verizon.com/t5/Share-Your-Ideas-with-Verizon/idb-p/ideas/label-name/my%20verizon

Please vote here,  maybe this will  change. IMO I can see it displaying the factory settings but even if you change it as I did it still is displayed.  Also there should be an option to hide it if you want to.

AFA access when I had an issue with my present router (could not login) the tech did try to login so the answer is yes.

0 Likes
Re: Verizon's Access to the router's WPA password
walt178
Specialist - Level 3

@lrose wrote:

Does Verizon have full access to routers they provide? I noticed on the online bill page it shows my WPA password which was randomly generated so the only way to get it was from the router and some type of maintenance or backdoor access to the router.

Good thing I have my important equipement behind another router behind theirs.


Yes.  But, in my opinion, Verizon's ability to access the router is reasonable.  They need to be able to test and reset remotely when customers have problems.  I believe the ability to access customer supplied equipment is fairly common.

There have been prior posts about the WPA password being on the homepage.  If you don't like it add your vote to the following suggestion.

http://forums.verizon.com/t5/Share-Your-Ideas-with-Verizon/Prevent-SSID-and-Password-Display-in-quot...

0 Likes
Re: Verizon's Access to the router's WPA password
smith6612
Community Leader
Community Leader

You'd be right. Port 4567 is their management port for the router, and they can pull info from the router through that port. You can block that port with a firewall rule on the router and some trickery.

Re: Verizon's Access to the router's WPA password
viafax999
Community Leader
Community Leader

@walt178 wrote:

@lrose wrote:

Does Verizon have full access to routers they provide? I noticed on the online bill page it shows my WPA password which was randomly generated so the only way to get it was from the router and some type of maintenance or backdoor access to the router.

Good thing I have my important equipement behind another router behind theirs.


Yes.  But, in my opinion, Verizon's ability to access the router is reasonable.  They need to be able to test and reset remotely when customers have problems.  I believe the ability to access customer supplied equipment is fairly common.

There have been prior posts about the WPA password being on the homepage.  If you don't like it add your vote to the following suggestion.

http://forums.verizon.com/t5/Share-Your-Ideas-with-Verizon/Prevent-SSID-and-Password-Display-in-quot...


Why on earth would anybody think there is any valid reason for Verizon to have WIRELESS access to their router which only allows them access to the internet signal.   Remote access to the router I would expect (and assume it's done by a backdoor) but NEVER wireless access.

0 Likes
Re: Verizon's Access to the router's WPA password
walt178
Specialist - Level 3

@viafax999 wrote:

@walt178 wrote:

@lrose wrote:

Does Verizon have full access to routers they provide? I noticed on the online bill page it shows my WPA password which was randomly generated so the only way to get it was from the router and some type of maintenance or backdoor access to the router.

Good thing I have my important equipement behind another router behind theirs.


Yes.  But, in my opinion, Verizon's ability to access the router is reasonable.  They need to be able to test and reset remotely when customers have problems.  I believe the ability to access customer supplied equipment is fairly common.

There have been prior posts about the WPA password being on the homepage.  If you don't like it add your vote to the following suggestion.

http://forums.verizon.com/t5/Share-Your-Ideas-with-Verizon/Prevent-SSID-and-Password-Display-in-quot...


Why on earth would anybody think there is any valid reason for Verizon to have WIRELESS access to their router which only allows them access to the internet signal.   Remote access to the router I would expect (and assume it's done by a backdoor) but NEVER wireless access.


The issue was Verizon having access to your router and posting the SSID & wireless key on the homepage.  Not wireless access.  Actually I doubt that Verizon is much concerned about having wireless access as that would require them to send someone to your neighborhood.

Re: Verizon's Access to the router's WPA password
VUser50
Contributor - Level 2

Why on earth would anybody think there is any valid reason for Verizon to have WIRELESS access to their router which only allows them access to the internet signal.   Remote access to the router I would expect (and assume it's done by a backdoor) but NEVER wireless access.


I'm not sure what you mean... The access they get comes from your wired connection to Verizon. The remote access they have allows them to see all (or at least most of your settings) including your WiFi password. Unless they went out of their way to do so w/ special software, remote access would include the WiFi settings. I also assume that it makes it easy to troubleshoot for users who forget their WiFi password. (even though obviously they could just suggest a reset)

Also the way Verizon (or anyone else) connects to you router has little bearing on their ability to change router settings and do more than access the internet. (unless it is specially set up that way... not sure if Verizon's routers have that option) But again, regardless, Verizon connects via your wired connection to them and then once in your router's settings can see your WiFi password. 

0 Likes
Re: Verizon's Access to the router's WPA password
viafax999
Community Leader
Community Leader

@VUser50 wrote:

Why on earth would anybody think there is any valid reason for Verizon to have WIRELESS access to their router which only allows them access to the internet signal.   Remote access to the router I would expect (and assume it's done by a backdoor) but NEVER wireless access.


I'm not sure what you mean... The access they get comes from your wired connection to Verizon. The remote access they have allows them to see all (or at least most of your settings) including your WiFi password. Unless they went out of their way to do so w/ special software, remote access would include the WiFi settings. I also assume that it makes it easy to troubleshoot for users who forget their WiFi password. (even though obviously they could just suggest a reset)

Also the way Verizon (or anyone else) connects to you router has little bearing on their ability to change router settings and do more than access the internet. (unless it is specially set up that way... not sure if Verizon's routers have that option) But again, regardless, Verizon connects via your wired connection to them and then once in your router's settings can see your WiFi password. 


I guess you didn't read the rest of the thread.

The OP mentioned the fact that his WPA password was visible on his my verizon web page, as it is for everybody.  The wpa password is ONLY good for wireless access and won't provide remote access to your router unless you are crazy enoughto tun on remote admin.

So my contention is that there is no reason for it being there as VZ tech have no need to access your router wirelessly and can, I am presuming, access your router via it's wan connection..  Thus why should they publish your private information on their web pages, albeit they are protected pages.

0 Likes
Re: Verizon's Access to the router's WPA password
VUser50
Contributor - Level 2

I guess you didn't read the rest of the thread.

The OP mentioned the fact that his WPA password was visible on his my verizon web page, as it is for everybody.  The wpa password is ONLY good for wireless access and won't provide remote access to your router unless you are crazy enoughto tun on remote admin.

So my contention is that there is no reason for it being there as VZ tech have no need to access your router wirelessly and can, I am presuming, access your router via it's wan connection..  Thus why should they publish your private information on their web pages, albeit they are protected pages.


Vz by virtue of being able to remotely control your network will have access to your WiFi password. It doesn't mean they actually will use the data except to troubleshoot for someone who forgot. (why would they want to sit outside your house and log on to wifi?) I agree about not publishing it on the web but my point is that they can see your WiFi password anyway since they have remote access and almost all routers store it in clear texts in your settings option. It isn't that they need to access your router's wan but they just want to have that info for someone who forgot and have it anyway.

Also, you are confusing wireless access and remote access. Test out going to 192.168.1.1 while on WiFi and you can see that you'll be able to change all of your routers settings. (after entering your router's admin password) Even though you are connecting via WiFi, you are still considered to be a local user because you are connecting directly to the network. Unless particular settings are enabled, WiFi connected devices interact with the network in the same way wired ones do and aren't just give a path to the internet. Remote access generally refers to being able to modify the network from anywhere on the internet. (i.e. Verizon being able to reboot your router and see your WiFi password would qualify as them having remote access.)

0 Likes
Re: Verizon's Access to the router's WPA password
Justin46
Legend

The reason for Verizon making the wireless network passkey available in two places where the customer can see it directly is really very simple, they are continually bombarded with support calls saying something like "what is my wireless password? I have forgotten it (or never knew it, etc.)". I know the above is true because I discussed this topic in detail with a Verizon executive specifically aware of the volume of calls asking for the passkey. 

So Verizon came up with two solutions to help reduce the number of calls:

1) Make the wireless passkey available on the customer's STBs (the usefulness of this solution assumes the customer also has FiOS TV service). They first made the passkey available on the STBs without first requiring entry of any kind of password, a serious security exposure IMO in that anybody sitting there watching TV, kids, visitors, whoever, could view the passkey. So in a second round they added the option to require entry of a Parental Control password (4 digits) to view the wireless passkey. Unfortunately use of the Parental Control password is optional, meaning I suspect that most customers do not use that option because they are not even aware of the exposure. I think Verizon should require use of a password (different from the Parental Control password maybe?) to access the wireless passkey on the STBs.

2) Specifically for those customers who do not have TV service, but really available to all customers, make the wireless passkey visible on the MyVerizon website. Since this is only visible after a customer signs into MyVerizon, there is no greater security issue here than there is for access to any other item on MyVerizon (ordering/removing service, paying the bill, etc.).

IMO both steps are good, and are not security exposures, except that Verizon should require a password on the STBs.

__________________________________
Justin
FiOS TV, 25/25 Internet, and Digital Voice user
QIP7232, QIP7100-P2, IMG 1.9.4
Keller, TX 76248 (VHO 1)