We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
O2 router - Superuser login
hughesy81
Posts: 12 Forumite
Hi all,
I've signed up to O2 broadband from Talk Talk and I saw somewhere that there is a hidden Superuser login that can be used as the Administrator account is actually locked down somewhat.
Basically I want to know how to stop someone from using this Superuser account as setting up a new Administrator password and WPA seems a bit pointless if there's a generic Superuser login.
Can anyone help?
Cheers
Dave
I've signed up to O2 broadband from Talk Talk and I saw somewhere that there is a hidden Superuser login that can be used as the Administrator account is actually locked down somewhat.
Basically I want to know how to stop someone from using this Superuser account as setting up a new Administrator password and WPA seems a bit pointless if there's a generic Superuser login.
Can anyone help?
Cheers
Dave
0
Comments
-
You'd need physical access to the router to get into the SuperUser account initially because the password is the serial number of the router which is on the id label on it. If you have physical access then you can simply use the reset button to take it all back to defaults. There is also a backdoor which O2 can use to update the firmware.
If any of that isn't to your liking then there is nothing stopping you using your own router rather than theirs.0 -
I think I might be confusing myself but I've logged in using the SuperUser account wirelessly using a password freely available on the internet. The thing is I've already set up my WPA key on my wireless card. All I want to do is stop anyone from logging in to my router without my knowing. I'm being a bit paranoid with the security thing but just trying to cover all bases.0
-
Morning hughsey81,I think I might be confusing myself but I've logged in using the SuperUser account wirelessly using a password freely available on the internet. The thing is I've already set up my WPA key on my wireless card. All I want to do is stop anyone from logging in to my router without my knowing. I'm being a bit paranoid with the security thing but just trying to cover all bases.
Before you can even use the SuperUser login details, you have to physically connect to the router. Be this with a cable or wirelessly.
If someone tries to connect wirelessly, they must have the WEP/WPA key. By default, the web key is made up of random letters and numbers.
If you wanted to take further steps to secure the wireless network, you can:- Change the security type from WEP to WPA2
- Stop the SSID (Wireless Network Name) from being broadcast
> Select 'WPA+WPA2' from the 'WPA-PSK Version' drop down menu > Apply
Let us know how you get on
Paul“Official Company Representative
I am an official company representative of O2. MSE has given permission for me to post in response to queries about the company, so that I can help solve issues. You can see my name on the companies with permission to post list. I am not allowed to tout for business at all. If you believe I am please report it to forumteam@moneysavingexpert.com"0 -
Changing your SuperUser password might be the easiest solution -
http://service.o2.co.uk/IQ/SRVS/CGI-BIN/WEBCGI.EXE?New,Kb=Companion,question=ref(User):str(Broadband),t=Broadband_Case,CASE=204450 -
Hi Paul,
Once again thanks for your reply. It would seem customer service does still exist these days! As I thought, I completely confused myself! As WEP security is switched on by default, there's no way anyone could login to the router using SuperUser account anyway! For some reason I thought the SuperUser account would bypass the WEP security but thinking now that's complete rubbish.
Anyway, I changed the SuperUser password late last night (cheers beecher2) and I'll change the security to WPA and also stop the broadcasting of the SSID. That's my security paranoia all sorted
Cheers!
Dave0 -
I'm surprised that the SuperUser account on your router wasn't set to the unit serial number. Without that there is indeed a possible exploit and that is why O2 remotely changed all the passwords away from the fixed one some time back. It is (or certainly was) possible to spoof the router into accepting a login across the internet - http://www.theregister.co.uk/2009/09/01/buggy_o2_routers/
If your router is still set to use the O2Br0ad64nd pasword then I'd certainly recommend that you change it0 -
Yeah I changed the SuperUser password, cheers!
So, now I've changed the SuperUser and Administrator passwords, I shouldn't have any reason to worry?0 -
I'd say you are safe. In fact in practice you probably always were anyway - O2 have upwards of half a million customers using their routers and I've never seen a report of one being hacked via a router vulnerability.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 349.7K Banking & Borrowing
- 252.6K Reduce Debt & Boost Income
- 452.9K Spending & Discounts
- 242.6K Work, Benefits & Business
- 619.4K Mortgages, Homes & Bills
- 176.3K Life & Family
- 255.5K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 15.1K Coronavirus Support Boards