Eir is to contact 130,000 of its broadband customers by email and letter to
advise them to reset their modems because of a security concern.
It follows the discovery that the customers' routers are vulnerable to
infection by a form of computer virus, and that at least 2,000 have been
breached.
The malware places the device in a network of similarly infected machines
and turns them into a collective powerful hacking tool, known as a botnet.
Both the routers at the centre of the security issue are made by Taiwanese
manufacturer, Zyxel, and are the models D1000 and P-660HN-T1A.
The routers are part of a large number of similarly vulnerable devices,
which are in use all over the world.
The supplier of the routers informed Eir of the vulnerability on 22nd
November.
According to Eir, it immediately took action to mitigate the risk to
customers, by remotely pushing out a software update to the modems.
It also put in place a security filter on its own network to stop traffic
from outside getting access to the vulnerability.
The Office of the Data Protection Commissioner, the Department of
Communications and communications regulator ComReg were also informed, the
company says.
It is also engaging with the State's Computer Emergency Incident Response
Team.
The telecom operator also ran a series of tests last Thursday among a sample
of the modems to see whether any had been breached prior to the security
measures being put in place.
It found evidence on approximately 1,900 of the routers that they had been
the subject of unauthorised access by a third party.
Because this is a criminal offence, Eir also notified An Garda Síochána.
The company says it then began a process of identifying the customers
concerned and initiated a factory reset of their modems.
The company also communicated directly with the customers by email and
letter on Friday, to inform them of the issue, and advised them to reset
their administration and WiFi passwords on the devices.
At present Eir says there is no indication that customer data has been
compromised, or that the malware was being used to redirect the users to
fake websites.
The virus being used to exploit the vulnerability is thought to be Mirai, or
a derivative of it.
Hundreds of thousands of customers of Deutsche Telekom, Talk Talk and the
Post Office in Britain were knocked offline when their routers were infected
with Mirai in recent weeks.
The Mirai botnet also knocked a number of US websites, including Twitter and
Spotify, offline in October.
Two weeks ago Eir's webmail service was intermittently knocked offline,
after a Distributed Denial of Service or DDoS attack.
Details of how to reset the modem can be found at:
www.eir.ie/modemreset <http://www.eir.ie/modemreset>
while information about resetting passwords can be accessed at:
www.eir.ie/modemadvisory <http://www.eir.ie/modemadvisory>
===========================================================
The fb-exchange mailing list
Manage account, subscribe or unsubscribe:
//www.freelists.org/list/fb-exchange
Archives: //www.freelists.org/archives/fb-exchange ;
Administrative contact: insight@xxxxxxxxxxxxxxxxxxxx
===========================================================
