Eir contacting customers after serious security issue with modems


Eir is contacting 130,000 of its broadband customers, advising them to reset their modems because of a security concern over routers being vulnerable to infection by a computer virus.

The malware, which has breached at least 2,000 Eir modems, places the device in a network of similarly infected machines and turns them into a powerful collective hacking tool, known as a botnet.

Both of the routers at the centre of the security issue are made by Taiwanese manufacturer Zyxel; they are the D1000 and P-660HN-T1A models.

The routers are part of a large number of similarly vulnerable devices, which are in use all over the world.

The supplier of the routers informed Eir of the vulnerability on 22 November.

According to Eir, it immediately took action to mitigate the risk to customers, by remotely pushing out a software update to the modems.

It also put in place a security filter on its own network to stop traffic from outside getting access to the vulnerability.

The Office of the Data Protection Commissioner, the Department of Communications and communications regulator ComReg were also informed, the company says.

It is also engaging with the State’s Computer Emergency Incident Response Team.

The telecom operator also ran a series of tests last Thursday among a sample of the modems to see whether any had been breached prior to the security measures being put in place.

It found evidence on approximately 1,900 of the routers that they had been the subject of unauthorised access by a third party.

Because this is a criminal offence, Eir also notified An Garda Síochána.

The company says it then began a process of identifying the customers concerned and initiated a factory reset of their modems.

The company also communicated directly with the customers by email and letter on Friday, to inform them of the issue, and advised them to reset their administration and WiFi passwords on the devices.

At present Eir says there is no indication that customer data has been compromised, or that the malware was being used to redirect the users to fake websites.

The virus being used to exploit the vulnerability is thought to be Mirai, or a derivative of it.

Hundreds of thousands of customers of Deutsche Telekom, TalkTalk and the Post Office in Britain were knocked offline when their routers were infected with Mirai in recent weeks.

The Mirai botnet also knocked a number of US websites, including Twitter and Spotify, offline in October.

Two weeks ago Eir’s webmail service was intermittently knocked offline after a Distributed Denial of Service (DDoS) attack.

Details of how to reset the modem can be found at www.eir.ie/modemreset.

Information about resetting passwords can be accessed at www.eir.ie/modemadvisory.