ISP in control
Your recent article on ‘Securing your router’ (TechLife 79, pages 100-101) prompted me to check my own NBN fibre router, which was supplied within the last 12 months by my ISP (Exetel). It is a ZTE H268A and has performed well. However, this modem-router was pre-installed with something called ‘TR-069 remote management’ capability which apparently means that its firmware can be remotely upgraded by the ISP without notification to the user. Is this common? Is it a significant security risk that I should try and disable, and if so, how? [ DAVID LUCKETT ]
Ed replies: The consensus from our peers says that the TR-069 protocol could possibly open you up to hacking, but in reality it’s not likely to happen. TR-069 is not perfect, but then what is? Your solutions, we think, are thus: One: replace the router, which is likely to be expensive and unnecessary. Two: do nothing. Three: get in touch with Exetel, explain you’re concerned about security, and ask them if it’s safe to turn off. Our advice? Start at solution three and work backwards.