Some concerned UniFi customers have reported that there is backdoor access through UniFi's router. It was discovered that TM left UniFi's router open by turning Remote Access on by default. This is a security vulnerability because the admin access is believed to use similar passwords on all UniFi routers.
Acknowledging that this is of great concern, TM responded with a press statement saying that the remote access was intended to provide better troubleshooting when technical support is required.
Given the security concerns, TM has admitted that this may not be the best approach, and has proposed a solution: changing the password on all TM UniFi routers, which are D-Link DIR-615 units, to a unique one known exclusively to the customer and TM.
The security concern raised is a valid one, and TM shouldn't have implemented such remote access without its customers' knowledge. Nevertheless, it is good that TM has acknowledged the problem and immediately proposed a solution for its customers.
If you're a UniFi customer, we suggest you take the necessary step of disabling "Remote Access" by unticking "Enable Remote Management" on your D-Link DIR-615 wireless router. More details are available on the Low Yat forum.
This isn't the first security vulnerability to affect ISP customers in Malaysia. P1 W1MAX has a similar vulnerability in its DV-230 WiMAX modem with WiFi, where the password follows the same pattern as the SSID. If you're using this modem, we suggest changing your WiFi password too.