Martin Lewis
MoneySavingExpert Chair, Martin Lewis · Editor, Marcus Herbert

MSE Forum

NEW BLOG. Featuring tips and pics from pet owners of the MSE Forum, we present to you Homemade pet toy ideas. Take a look

O2 router - Superuser login

in Broadband & internet access
8 replies 9.8K views
hughesy81hughesy81 Forumite
12 Posts
in Broadband & internet access
Hi all,

I've signed up to O2 broadband from Talk Talk and I saw somewhere that there is a hidden Superuser login that can be used as the Administrator account is actually locked down somewhat.

Basically I want to know how to stop someone from using this Superuser account as setting up a new Administrator password and WPA seems a bit pointless if there's a generic Superuser login.

Can anyone help?

Cheers
Dave

Replies

  • kwikbreakskwikbreaks Forumite
    9.2K Posts
    Forumite
    You'd need physical access to the router to get into the SuperUser account initially because the password is the serial number of the router which is on the id label on it. If you have physical access then you can simply use the reset button to take it all back to defaults. There is also a backdoor which O2 can use to update the firmware.

    If any of that isn't to your liking then there is nothing stopping you using your own router rather than theirs.
  • hughesy81hughesy81 Forumite
    12 Posts
    I think I might be confusing myself but I've logged in using the SuperUser account wirelessly using a password freely available on the internet. The thing is I've already set up my WPA key on my wireless card. All I want to do is stop anyone from logging in to my router without my knowing. I'm being a bit paranoid with the security thing but just trying to cover all bases.
  • O2_Company_RepresentativeO2_Company_Representative Organisation Representatives - Private Messages may not be monitored
    88 Posts
    hughesy81 wrote: »
    I think I might be confusing myself but I've logged in using the SuperUser account wirelessly using a password freely available on the internet. The thing is I've already set up my WPA key on my wireless card. All I want to do is stop anyone from logging in to my router without my knowing. I'm being a bit paranoid with the security thing but just trying to cover all bases.
    Morning hughsey81,

    Before you can even use the SuperUser login details, you have to physically connect to the router. Be this with a cable or wirelessly.

    If someone tries to connect wirelessly, they must have the WEP/WPA key. By default, the web key is made up of random letters and numbers.

    If you wanted to take further steps to secure the wireless network, you can:

    • Change the security type from WEP to WPA2
    http://192.168.1.254 > Home Network > WLAN: [network name here] > Configure (top right) > Untick Broadcast Network Name > Apply
    • Stop the SSID (Wireless Network Name) from being broadcast
    http://192.168.1.254 > Home Network > WLAN: [network name here] > Configure (top right) > Select 'Use WPA-PSK Encryption'
    > Select 'WPA+WPA2' from the 'WPA-PSK Version' drop down menu > Apply

    Let us know how you get on :)

    Paul
    Official Company Representative
    I am an official company representative of O2. MSE has given permission for me to post in response to queries about the company, so that I can help solve issues. You can see my name on the companies with permission to post list. I am not allowed to tout for business at all. If you believe I am please report it to [email protected]"
  • beecher2beecher2 Forumite
    3.7K Posts
    Tenth Anniversary 1,000 Posts Combo Breaker
    Changing your SuperUser password might be the easiest solution -

    http://service.o2.co.uk/IQ/SRVS/CGI-BIN/WEBCGI.EXE?New,Kb=Companion,question=ref(User):str(Broadband),t=Broadband_Case,CASE=20445
  • hughesy81hughesy81 Forumite
    12 Posts
    Hi Paul,

    Once again thanks for your reply. It would seem customer service does still exist these days! As I thought, I completely confused myself! As WEP security is switched on by default, there's no way anyone could login to the router using SuperUser account anyway! For some reason I thought the SuperUser account would bypass the WEP security but thinking now that's complete rubbish.

    Anyway, I changed the SuperUser password late last night (cheers beecher2) and I'll change the security to WPA and also stop the broadcasting of the SSID. That's my security paranoia all sorted :)

    Cheers!
    Dave
  • kwikbreakskwikbreaks Forumite
    9.2K Posts
    Forumite
    I'm surprised that the SuperUser account on your router wasn't set to the unit serial number. Without that there is indeed a possible exploit and that is why O2 remotely changed all the passwords away from the fixed one some time back. It is (or certainly was) possible to spoof the router into accepting a login across the internet - http://www.theregister.co.uk/2009/09/01/buggy_o2_routers/

    If your router is still set to use the O2Br0ad64nd pasword then I'd certainly recommend that you change it
  • edited 18 June 2010 at 1:45PM
    hughesy81hughesy81 Forumite
    12 Posts
    edited 18 June 2010 at 1:45PM
    Yeah I changed the SuperUser password, cheers!

    So, now I've changed the SuperUser and Administrator passwords, I shouldn't have any reason to worry?
  • kwikbreakskwikbreaks Forumite
    9.2K Posts
    Forumite
    I'd say you are safe. In fact in practice you probably always were anyway - O2 have upwards of half a million customers using their routers and I've never seen a report of one being hacked via a router vulnerability.
This discussion has been closed.
Latest MSE News and Guides

Energy Price Cap change

Martin Lewis on what it means for you

MSE News

Best £1 you've ever spent?

Share your most impressive bargains

MSE Forum

New MSE Forum avatars available

Try 'em out now

MSE Forum
Sign In · Join