Vulnerability in Singtel router?

Kage86

I just received a request to trust a dubious certificate a few minutes after installing Singtel's Fiber 500MBPS plan. The router is an Aztech router.

The certificate is called 'Daniel' with the email address kiding@broadcom.com. And it was a calendar app that popped up this alert.

I google'd to see what causes this and it seems like many manufacturers may have installed it onto their devices.

You can read more about it at PCWorld or the original source at SEC

The problem is I don't have an in-depth understanding of the implications and if this affects everyone else on Singtel's Fiber plan. Can anyone tell me if this is safe or if I should get a new router?
 

Henry Ng

> I just received a request to trust a dubious certificate a few minutes after installing Singtel's Fiber 500MBPS plan. The router is an Aztech router.
>
> The certificate is called 'Daniel' with the email address kiding@broadcom.com. And it was a calendar app that popped up this alert.
>
> I google'd to see what causes this and it seems like many manufacturers may have installed it onto their devices.
>
> You can read more about it at PCWorld or the original source at SEC
>
> The problem is I don't have an in-depth understanding of the implications and if this affects everyone else on Singtel's Fiber plan. Can anyone tell me if this is safe or if I should get a new router?

I do not see such pop-up windows when I was using Singtel. Something not right. I suggest reporting to Singtel technical support. It is ok to have same key because there are so many devices in this world. No one will know which key your device is using.
 

jury_pack

> I just received a request to trust a dubious certificate a few minutes after installing Singtel's Fiber 500MBPS plan. The router is an Aztech router.
>
> The certificate is called 'Daniel' with the email address kiding@broadcom.com. And it was a calendar app that popped up this alert.
>
> I google'd to see what causes this and it seems like many manufacturers may have installed it onto their devices.
>
> You can read more about it at PCWorld or the original source at SEC
>
> The problem is I don't have an in-depth understanding of the implications and if this affects everyone else on Singtel's Fiber plan. Can anyone tell me if this is safe or if I should get a new router?

Don't trust the cert, call Singtel, request upgrade of firmware. Your router could be in storage for quite some time, outdated firmware.
 

Henry Ng

> Don't trust the cert, call Singtel, request upgrade of firmware. Your router could be in storage for quite some time, outdated firmware.

By right the tech will update the firmware during installation day.
 

Kage86

Hi everyone, thanks for the fast replies!

I called Singtel and they told me they have never heard of this situation before. Their tech team even went on to tell me generic information like 'don't use third party stuff..' etc.

Aztech said they haven't heard of the problem before either, which is funny cause they were mentioned numerous times in the different posts on that expired cert.

A bit of background on what happened, the guy came to install the router and ONT for me. Within 30 minutes of him leaving, Fantastical (calendar app) asked about the cert. The other 3 computers did not ask anything. I restarted my calendar app hoping to replicate the trust certificate option but it no longer triggers it.

I suspect it might be present in the firmware of the other routers, just that it rarely/doesn't get picked up. I'm probably just going to buy a better router anyway.
 

Henry Ng

> Hi everyone, thanks for the fast replies!
>
> I called Singtel and they told me they have never heard of this situation before. Their tech team even went on to tell me generic information like 'don't use third party stuff..' etc.
>
> Aztech said they haven't heard of the problem before either, which is funny cause they were mentioned numerous times in the different posts on that expired cert.
>
> A bit of background on what happened, the guy came to install the router and ONT for me. Within 30 minutes of him leaving, Fantastical (calendar app) asked about the cert. The other 3 computers did not ask anything. I restarted my calendar app hoping to replicate the trust certificate option but it no longer triggers it.
>
> I suspect it might be present in the firmware of the other routers, just that it rarely/doesn't get picked up. I'm probably just going to buy a better router anyway.

Why it never appear on your other PC? Maybe something not right with this PC.
 

Kage86

I don't think so.

The certificate is hardcoded and distributed using Broadcom's SDK. It is why the articles I've linked earlier talk about specific brands of routers that are affected by it.

Here's another thread of someone asking the same question I was in Jan 2015. The other person who said he had the same problem cited the exact same router model as the OP.

In any case, I hardly doubt the MacBook Air is the cause of the dubious certificate. Laptops don't require SSL certification, routers/servers do.
 

Henry Ng

> I don't think so.
>
> The certificate is hardcoded and distributed using Broadcom's SDK. It is why the articles I've linked earlier talk about specific brands of routers that are affected by it.
>
> Here's another thread of someone asking the same question I was in Jan 2015. The other person who said he had the same problem cited the exact same router model as the OP.
>
> In any case, I hardly doubt the MacBook Air is the cause of the dubious certificate. Laptops don't require SSL certification, routers/servers do.

Maybe you want to investigate the matter carefully.
 

WarCry

> Hi everyone, thanks for the fast replies!
>
> I called Singtel and they told me they have never heard of this situation before. Their tech team even went on to tell me generic information like 'don't use third party stuff..' etc.
>
> Aztech said they haven't heard of the problem before either, which is funny cause they were mentioned numerous times in the different posts on that expired cert.
>
> A bit of background on what happened, the guy came to install the router and ONT for me. Within 30 minutes of him leaving, Fantastical (calendar app) asked about the cert. The other 3 computers did not ask anything. I restarted my calendar app hoping to replicate the trust certificate option but it no longer triggers it.
>
> I suspect it might be present in the firmware of the other routers, just that it rarely/doesn't get picked up. I'm probably just going to buy a better router anyway.

Likely when you launch the app, there was a short interruption to the service.

I personally experienced same issue when using my Outlook when the broadband was down and similar certificate prompt appears.

This is due to an intercept page from the router that is supposed to guide user to do simple troubleshooting when they try to surf the net and somehow service is down, e.g. ethernet cable came loose for my case.
 

Ah-Pin-Kor

TS, what model of Aztech router and what firmware version is it using?
 

Kage86

The Aztech router model is FG7003GR(AC). It comes with the 500MBPS Singtel plan.
Firmware version is 341.6.1-008A.

What WarCry said sounds about right, but I wouldn't know how to replicate it on wifi though. This would make testing the issue slightly difficult.
 

MikeDirnt78

ditch your aztech router lah.

why would you want to stick with such a crappy brand? there is a reason why singtel is giving out free.
 

tungsten2

Guys, don't think it's the Aztech/Singtel issue. If you have read the first post article, it says:
"Millions of embedded devices use the same hard-coded SSH and TLS private keys
The keys were hard-coded by manufacturers and can be used by attackers to launch man-in-the-middle attacks"

It looks like user system is already compromised even before the change of router.

I have been a Singtel user for 10 years, never before encounter such issue.

Remember what websites that you visit also can compromise your system. As far as possible, login as a limited user account when you use your PC.
 

MikeDirnt78

I read through the article. Not all the brands are mentioned in there.
 

Kage86

> Guys, don't think it's the Aztech/Singtel issue. If you have read the first post article, it says:
> "Millions of embedded devices use the same hard-coded SSH and TLS private keys
> The keys were hard-coded by manufacturers and can be used by attackers to launch man-in-the-middle attacks"
>
> It looks like user system is already compromised even before the change of router.
>
> I have been a Singtel user for 10 years, never before encounter such issue.
>
> Remember what websites that you visit also can compromise your system. As far as possible, login as a limited user account when you use your PC.

I think you misunderstand what the article is saying. SSH host keys and SSL certificates are used by devices that relay data to other devices. The purpose of using these (if done correctly) prevents information from being hijacked / stolen by non-intended recipients.

Things like routers have the ability to use SSL certs to secure the connection. It is a function most decent routers are built with. Most users don't have the knowledge to install their own by default, so some companies may install their own for their convenience.

The problem here is that this expired certificate called Daniel was placed in the software development kit (SDK) of Broadcom, and many device manufacturers built their firmware around it. So this vulnerable cert exists.

The laptop itself doesn't install certificates on itself. It merely tries to connect to one if you agree it is safe. This is the same as the giant HTTPS lock on your ibanking's website that is tied to their web server. If it is suddenly expired or unverified, Chrome will warn you about the security of that site and ask if you would like to proceed anyway.

I run Avira virus scan, Malwarebytes, and use a VPN when on a shared network to ensure safety. The main purpose of the post was to ask if anyone else had experienced this and if they have a solution to it since there are many Singtel users out there.

Also it does not mean your router / computer will be affected. It merely is a potential security risk for MITM attacks.



TLDR: I was a Starhub user for over 10 years and did not encounter this problem until I switched to Singtel. Just cause the pop out doesn't appear on your screen doesn't mean your connection is entirely secure.
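
Added example, not part of any post in this thread: a small check that reads the text `openssl x509` prints for a device's certificate and flags the three things discussed above (the 'Daniel' / kiding@broadcom.com subject, a certificate issued by itself, and expiry). `ROUTER_IP`, the sample output, its issuer line and its expiry date are constructed assumptions, not values from the thread.

```python
import re
from datetime import datetime, timezone

# Identifiers quoted in the thread for the shared certificate.
KNOWN_CN, KNOWN_EMAIL = "Daniel", "kiding@broadcom.com"

# Constructed sample of what this command prints (ROUTER_IP is a placeholder):
#   openssl s_client -connect ROUTER_IP:443 </dev/null 2>/dev/null \
#     | openssl x509 -noout -subject -issuer -enddate
# The issuer and expiry date below are invented for illustration.
SAMPLE = """\
subject=CN = Daniel, emailAddress = kiding@broadcom.com
issuer=CN = Daniel, emailAddress = kiding@broadcom.com
notAfter=Jan  1 00:00:00 2013 GMT
"""

def parse_fields(text):
    """Pick the subject, issuer and notAfter lines out of the openssl output."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() in ("subject", "issuer", "notAfter"):
            fields[key.strip()] = value.strip()
    return fields

def name_attrs(dn):
    """Split a name printed as 'CN = x, ...' (new style) or '/CN=x/...' (old)."""
    return {k: v.strip() for k, v in re.findall(r"(\w+)\s*=\s*([^,/]+)", dn)}

def assess(text, now=None):
    """Return findings for one certificate; an empty list means none applied."""
    now = now or datetime.now(timezone.utc)
    fields = parse_fields(text)
    subject = name_attrs(fields.get("subject", ""))
    findings = []
    if subject.get("CN") == KNOWN_CN and subject.get("emailAddress") == KNOWN_EMAIL:
        findings.append("matches-thread-cert")
    # Subject equal to issuer means the certificate vouches for itself.
    if subject and subject == name_attrs(fields.get("issuer", "")):
        findings.append("self-issued")
    if "notAfter" in fields:
        expiry = datetime.strptime(fields["notAfter"], "%b %d %H:%M:%S %Y %Z")
        if expiry.replace(tzinfo=timezone.utc) < now:
            findings.append("expired")
    return findings

if __name__ == "__main__":
    print(assess(SAMPLE))
```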
 