Need advice on telus cellular internet - think I might be getting hacked

Goetzerious

If devices that you do not own are accessing your network, the best thing to do would be to change your wifi password. That should knock all those devices off your network without having to blacklist individual devices.


YYC2977

I’ve tried that already, but I’m open to trying again. Thanks for your quick reply!


Vynro

Also you’ve mentioned you had port scan attacks in your logs. Do you have any open ports on the hub? If you’d like to private message me I can help diagnose if you’ve got any vulnerabilities in your network. And if you do have any open ports for game servers or anything and they aren’t properly secured, that’s a point of entry. As the user above said - it’s most likely unauthorized devices accessing your network through knowing the password.


YYC2977

I finally figured out what I did wrong — only changed password on the hub not my router. We are locked down tightly now with all new passwords on everything and optimized security. Fingers crossed. I appreciate your help!


Tallguy67ca

I have the same hub. 2 big things. Go to 192.168.0.1 in a web browser on a device connected to your network, log into the hub and change the access password for the hub. This is not the same as your wifi password. Then go and choose a secure wifi option that requires a password to connect to your wifi. Write down both passwords, so you have them for future reference. Then reboot the hub. The easiest way to reboot is to log back into the hub, go to the device tab and click on Restart. Call out if you need more help.


YYC2977

Thanks! I finally sorted through all of this and I think I’m in good shape now. Appreciate your help very much!!


Que_Ball

There was a bug in older Huawei router firmware. They would be remotely exploitable and there has been a recent botnet that would remotely control these routers to attack victims in DDoS attacks.

Can reset router to factory defaults and then use the Huawei AI smartphone app or the check for updates button on webpage to look for update. If you do not factory reset, the botnet disables the update from working. If you get reinfected before you can update it would also fail. Sometimes can be infected within minutes of reconnecting if they are hammering the connection looking for new nodes.

Update instructions:
https://www.telus.com/en/bc/support/mobile-device/b612-smart-hub/11.196.01.01.464/checking-for-and-installing-system-updates?topicChannel=tutorialMenuTopicLink

News about botnet using this router:
https://amp.thehackernews.com/thn/2021/08/mozi-iot-botnet-now-also-targets.html
https://www.microsoft.com/security/blog/2021/08/19/how-to-proactively-defend-against-mozi-iot-botnet/

May be vulnerable to unpatched flaw if Huawei no longer supports it.
https://nvd.nist.gov/vuln/detail/CVE-2021-35395
https://nvd.nist.gov/vuln/detail/CVE-2019-5268
https://nvd.nist.gov/vuln/detail/CVE-2019-5269

Security camera recorders, even when not uploading to Internet, are also a very common target of similar problems. They are comically exploitable.


YYC2977

Thank you, I did read something about this vulnerability. I have made sure firmware was updated but the idea that the router is somehow still vulnerable makes me worry (frankly, I am past worried now firmly in annoyed territory!). It bugs me that these are known issues and customers are not notified directly when they happen. Sigh....I will keep working on closing any holes in my system. Thanks again!


YYC2977

Update on my previous reply, we worked through it all (thanks to a great rep on the Linksys side) and I think it’s all under control now. Everything is reset with all new passwords so now we wait….. thanks again for your efforts and detailed response.


tiktalyk

If you really want to get restrictive, I suggest investigating if that smart hub is capable of blocking wifi traffic from MAC addresses other than the devices you program into it. That will help keep unauthorized devices from sucking all your bandwidth. If that’s not possible, obtain a wifi router that is capable of it, plug it into the smart hub and disable the wifi on the smart hub entirely. It should work out to be cheaper than replacing the smart hub.

The other thing you should consider is that it’s very possible the billing system at Telus flubbed up. A friend of mine has had that glitch happen to her. Similar scenario, the system went nuts texting her that she was over her data, and then she got a big fat bill. The problem was the supposed excessive usage was all within the same hour of time and in excess of what her phone was capable of transferring in that time period under perfect conditions. The other part was she was deep in the bowels of a hospital, in an area with no cell reception at the best of times, teaching a bunch of people how to use computerized charting, and her cell phone was turned off. Furthermore, she was in full view of the security cameras in the room for 4 hours without a break. The real kicker was the person she was talking to in billing tried to claim that it was ‘impossible’ for the billing system to malfunction, and did so in a condescending way. My friend decided then and there that it was time to speak to the person’s supervisor. One long chat about the attitude of the Call Center agent and my friend had two months of cell service comped for the horrible experience.


YYC2977

The billing issue is crazy! Feel badly for your friend. To be fair, all of the companies I called (Telus, Huawei, and Linksys) were patient and cooperative, so I was fortunate. I think I’ve got this sorted out now with optimized security settings and all new passwords. Thanks for your detailed reply, I appreciated it.


UpperLowerCanadian

I don’t know about system logs, but the most likely thing is that a computer in your home is compromised. Change wifi password, run Windows Defender on any laptop, etc., that might stay on.


YYC2977

I’ll try that, thank you!


corpse_flour

Do you mind telling us where you live (approximately)? Providers differ from area to area.


YYC2977

NW of Calgary


Funketime1

I assume you are using WPA2 because WPA can be easily hacked. If you have changed the password you should have nothing unauthorized on the network. Periodically you should be checking what is connected to ensure nothing new connects. As to what used the data, that depends on your router. Some keep logs if you have enabled them. That can show data usage of each connected device. I am not familiar with the devices you are using to know if you can. Alternatively you may have been attacked by a DoS attack and the data was a combination of the data sent to your router and your router response. Again, I am not familiar enough with the rural equipment and how Telus counts the data to know if this is possible.
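
One way to do the periodic check of connected devices suggested above, and to see how each device would fare against a MAC allowlist like the one tiktalyk describes. This is an added example, not part of the thread; it assumes a Linux machine on the network, and the sample `ip neigh` output, addresses and device names are constructed.

```python
import re

# Constructed sample of `ip neigh show` output (all addresses are made up).
SAMPLE_NEIGH = """\
192.168.0.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.0.12 dev wlan0 lladdr a4:83:e7:10:20:30 STALE
192.168.0.23 dev wlan0 lladdr 5a:6b:7c:8d:9e:0f REACHABLE
192.168.0.40 dev wlan0 lladdr 00:1A:2B:3C:4D:5E DELAY
192.168.0.77 dev wlan0  FAILED
"""

# Hypothetical inventory: the MAC addresses of devices you own.
KNOWN_DEVICES = {
    "00:11:22:33:44:55": "smart hub",
    "a4:83:e7:10:20:30": "laptop",
}

LINE_RE = re.compile(r"^(\S+)\s+dev\s+\S+\s+lladdr\s+([0-9A-Fa-f:]{17})\s+(\S+)")


def is_randomized(mac):
    """True if the locally-administered bit is set, as it is for the
    private (randomized) addresses that phones and laptops can use."""
    return bool(int(mac[:2], 16) & 0x02)


def parse_neighbors(text):
    """Map MAC -> IP for every neighbour entry that has a resolved MAC."""
    seen = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # FAILED/INCOMPLETE entries carry no MAC address
        ip, mac, _state = m.groups()
        seen[mac.lower()] = ip
    return seen


def unknown_devices(text, known):
    """Return (ip, mac, randomized) for each device not in the inventory."""
    known = {k.lower() for k in known}
    found = parse_neighbors(text)
    return [(ip, mac, is_randomized(mac))
            for mac, ip in sorted(found.items(), key=lambda kv: kv[1])
            if mac not in known]


if __name__ == "__main__":
    for ip, mac, rnd in unknown_devices(SAMPLE_NEIGH, KNOWN_DEVICES):
        note = "randomized address, may be your own phone" if rnd else "fixed address"
        print(f"unknown device {ip} {mac} ({note})")
```

The neighbour table only lists devices this machine has recently exchanged traffic with, so the hub's own connected-devices page remains the complete list. A device using a private (randomized) Wi-Fi address shows up as unknown until the address it uses on your network is added to the inventory.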


YYC2977

Thanks, I asked these specific questions to tech support when I was on with them and after resetting devices and passwords, they showed me that security was set as high as it can go. Now I have a phone app that lets me monitor usage and connected devices so we will see if things remain secure. Hopefully we are good as is without any hardware replacement. Thanks for your help with this!