
Network Security Breach with NBN Modem and Router?

Overview

SECURE A COM was called to assist a customer in Monterey facing persistent cybersecurity issues. The client, who was using Aussie Broadband with fibre to the curb, experienced repeated breaches across multiple devices, including smartphones, laptops, and routers. Despite numerous efforts to secure her equipment, the hacking persisted, raising concerns about deeper, more complex security vulnerabilities.

The Problem

The customer’s issues began when her iPhone was hacked several months prior. After the breach, she meticulously changed all her passwords and even reset her MacBook’s firmware at an Apple Store. Despite these efforts, she continued to face issues accessing her Apple ID, which would sometimes disappear for weeks before reappearing without explanation.

Upon returning home with her newly secured phone, she connected it to her home network. Following this, she observed that all her new devices were repeatedly compromised, including two different routers and a second computer. Despite using new hardware, the problem persisted, suggesting that the breaches were not limited to her devices but potentially involved her network infrastructure.

Investigative Process

During our site visit, the client demonstrated the unusual behaviour occurring across her network:

  1. Multiple Routers Compromised: She was on her fourth router, yet each router displayed signs of tampering, such as unexpected changes to settings and unexplained remote management access.
  2. Unusual Network Activity: System logs showed strange remote access attempts, changes in system times, and unauthorised attempts to access her keychain and metadata, raising suspicion that the hacking was happening at the network level.
  3. Router Settings Altered: On her TP-Link router, settings such as CWMP (CPE WAN Management Protocol) and remote management were enabled without her knowledge, despite their default state being disabled.
  4. Unexplained Modem Behaviour: The modem connected to the NBN fibre was suspected of being hacked. It appeared that each time a new router was connected, it would become compromised, suggesting that the issue was upstream from the routers themselves.
  5. Persistent VoIP Settings: The client found VoIP settings enabled and operational in her router logs, even though she had never set up VoIP services. This was confirmed after discussions with Aussie Broadband, who indicated that the VoIP setup had to have been manually triggered.
  6. Inconsistent Logs and Mysterious Device Behaviour: Logs showed timestamps from as far back as 1970 and displayed remote addresses that were not part of the customer’s setup. Additionally, despite disconnecting devices and turning off Wi-Fi, the settings would revert or re-enable themselves, indicating possible malware or a firmware vulnerability.
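
A triage pass over router log entries of the kind described in items 2, 3, 5 and 6, added here as an example; it is not part of the original case study or SECURE A COM's tooling. The log layout, the 192.168.1.0/24 subnet and the feature tags are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from datetime import datetime, timezone

# Constructed sample lines in a generic layout, not any vendor's real log format.
SAMPLE_LOG = """\
1970-01-01T00:00:41Z system: boot complete
1970-01-01T00:01:12Z wan: link up
2024-05-14T09:30:05Z ntp: time synchronised
2024-05-14T09:31:40Z cwmp: session opened with 203.0.113.45
2024-05-14T09:32:02Z remote-mgmt: login from 198.51.100.7
2024-05-14T09:40:10Z dhcp: lease 192.168.1.23 assigned
2024-05-14T09:41:00Z voip: register sent to 203.0.113.80
"""
LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed home subnet
WATCHED = ("cwmp", "remote-mgmt", "voip")      # hypothetical tags for features the owner never enabled
CLOCK_FLOOR = datetime(2000, 1, 1, tzinfo=timezone.utc)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def triage(log_text, lan=LAN):
    """Return [(line_number, [flags])] for every line that needs a second look."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), 1):
        stamp, _, message = line.partition(" ")
        try:
            when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        except ValueError:
            findings.append((number, ["unparsed"]))
            continue
        flags = []
        # A device with no battery-backed clock counts from the Unix epoch (1970-01-01)
        # until it syncs time, so these entries cannot be ordered against later ones.
        if when < CLOCK_FLOOR:
            flags.append("clock-unset")
        feature = message.split(":", 1)[0]
        if feature in WATCHED:
            flags.append("feature:" + feature)
        for text in IP_RE.findall(message):
            try:
                if ipaddress.ip_address(text) not in lan:
                    flags.append("outside-lan:" + text)
            except ValueError:
                continue  # looked like an address but is not one (e.g. 999.1.1.1)
        if flags:
            findings.append((number, flags))
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Entries flagged `clock-unset` are worth checking against the device's reboot times before they are read as tampering, while a watched feature paired with an address outside the LAN is the combination to escalate.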

Challenges Faced

The primary challenge was identifying the root cause of the ongoing hacks. Despite the replacement of devices and continuous resets, the hacks continued, pointing to a deeper issue potentially within the NBN modem itself or through compromised firmware. The constant resetting of settings and the appearance of new vulnerabilities with each hardware replacement suggested that traditional solutions were insufficient.

Resolution

While SECURE A COM provided support, it became clear that the situation required specialised cybersecurity intervention. Our approach included:

  1. Disabling All Non-Essential Network Features: We assisted the client in disabling unnecessary settings and features on her routers and modem, although these would sometimes revert on their own.
  2. Isolation of Devices: The client disconnected her computer from the network to check logs without interference from other network traffic.
  3. Seeking Expert Cybersecurity Input: Recognising the limitations of our standard support, we reached out to our community of cybersecurity experts to provide further guidance, especially since the modem’s potential compromise was beyond standard troubleshooting.
  4. Community Engagement: We documented the issues and sought advice from cybersecurity professionals on potential modem vulnerabilities, acknowledging that these hacks might involve sophisticated techniques typically not encountered in everyday network setups.

Conclusion

The persistent issues faced by the customer highlighted the potential vulnerabilities in home network setups, especially with NBN modems and routers that might be susceptible to hacking. The case underscores the importance of expert cybersecurity analysis when standard troubleshooting fails to resolve ongoing breaches.

For customers experiencing similar issues, it is critical to consider that the problem might extend beyond personal devices to the network infrastructure itself. If you suspect that your modem or router might be compromised, professional cybersecurity assistance is essential to identify and neutralise the threat.

Jason Kearney

Head Internet Technician

Jason Kearney is the Head Technician at SECURE A COM, with qualifications spanning NBN, ADSL, phone, and data cabling. Starting as an electrician, Jason quickly delved into the telecommunications sector, leading crucial projects like the rehabilitation of the Telstra network. With credentials in both managerial and technical aspects, he now specialises in phone line and NBN fault location and repair, serving both homes and businesses with effective and personalised telecommunications solutions.
