Verizon Wisdom!!!

At a recent site visit, a client of mine recently installed the FIOS service from Verizon.  I was brought in to repair a laptop that was no longer browsing the web.  The prior evening it was working fine but in the morning it could no longer surf the web.  The computer was able to receive an IP address.  The client had removed the Norton 360 and installed the security suit now being offered for free by Verizon.  I proceeded to do the typical troubleshooting for when you get an IP address but still not able to surf the web.  This did not get anywhere.

I was looking at the software provided by Verizon and it appears to be a product they recently created on their own.  As per my luck with Verizon products when I went to uninstall the product and restore to normal, I found the uninstaller failed to work.

I then called Verizon’s technical support for two reasons.  I wanted to gain access to the router and I wished to get the removal tool for their malware program.  I started with the removal first.  I asked for the file location and was told it was fairly complex address to download it from. The tech seemed unsure how to get it to the laptop since it couldn’t get on the Internet.  Of course this was 90 seconds after I had told him my laptop worked fine on the router and was 6 inches away.   The tech offered to take over my computer so that he could easily give me the address to the file.  I consented and allowed access, downloaded the file, used sneaker net to transfer the file, and removed the malware program.  This did not resolve the problem.

My next step was to examine the connection to the router.  I asked for the user name and password to the router and was completely thrown off guard when I found the answer.  The user name I had no issue with of being admin, but I was shocked to find out the password was simply password1.  I without even thinking asked the tech “REALLY”.  You use password1 as your password for your routers.  I was then told that the techs in the field are to use this password as their password and it is configured via a USB key that the tech runs the setup from.  My next set of questions to the tech was semi rapid fire.  You use a WEP key on your router (granted random character), and you use a password of password1.  I then asked him why they would configure a WPA2 capable router with WEP, and then secure it with a horrible password.  I asked the tech if he had heard that WEP is broken and takes less than a minute to crack?  There were no answers from the tech.

I was completely surprised when I realized just how bad this security really was.  I then proceed to put a much more secure password on the router, and added a quality WPA Key.  I simply do not understand why they ever considered this a good idea.

Summary Verizon uses a default password of password1 on a WEP key standard broadcasting router.  This is a REALLY bad idea and exceptionally bad implementation of that technology.

The views of this post are 100% the view of Anthony Gartner

RSS feed for comments on this post. TrackBack URI

Leave a Reply