
February 7th, 2014

AVM has received reports of possible fraudulent use of telephone services through malicious abuse of FRITZ!Box routers. AVM is investigating why this has happened and has made us aware that it could affect all MyFRITZ users.

AVM has confirmed that the attacks do not rely on brute force, and that disabling remote access to the router will prevent attacks in the future.

More information about this issue can be found on their website: Fritz!box Security Advice.

 

Wi-Manx recommend that all FRITZ!Box users disable Internet access to the FRITZ!Box altogether.  This will also disable access to your FRITZ!Box user interface from any location using MyFRITZ!

***UPDATE***

A security firmware update is now available.
Instructions on how to update your router can be found here.

Further information can be obtained on our Service Status Page

 

We recommend the following temporary safety precaution

 

Checking whether Internet access to FRITZ!Box via HTTPS has been enabled and disabling it.

  1. Click “Internet” in the FRITZ!Box user interface and select the menu “Permit Access”.
  2. Click the “FRITZ!Box Services” tab.
  3. Check whether the “Internet access to the FRITZ!Box via HTTPS enabled” setting has been enabled.

If the setting is disabled, no further steps are necessary.

If the setting is enabled, disable this option and click “Apply”. If this is the case, be sure to follow the instructions in the section “Steps to further security”!

 

Here is how to check whether your system is affected

 

Checking telephony devices and deleting unknown IP telephones.

Delete any unknown IP telephones to make sure that they cannot be used to make fraudulent calls:

  1. Click “Telephony” in the FRITZ!Box user interface.
  2. Click “Telephony Devices” in the “Telephony” menu.
  3. You can recognize IP telephones because “LAN/WLAN” will be displayed in the “Connection” or “Port” column for that telephone. Click the corresponding “Delete” button to delete any IP telephones you are not familiar with.

Deleting call diversions to unknown telephone numbers and disabling call through

  1. Click “Telephony” in the FRITZ!Box user interface.
  2. Click “Call Handling” in the “Telephony” menu.
  3. Switch to the “Call Diversion” tab and delete all entries that divert calls to international numbers you are not familiar with.
  4. Switch to the “Call Through” tab and disable the option “Enable call through”.
  5. Click “Apply” to save your settings.

Should your system be affected, please work through the steps for further security.

 

Steps to further security

 

Configuring call blocks for international calls

If you generally do not make international calls, configure call blocks for all calls abroad as a precaution:

  1. Click “Telephony” in the FRITZ!Box user interface.
  2. Click “Call Handling” in the “Telephony” menu.
  3. Click the “New Blocking Rule” button.
  4. Select “Outgoing calls” and enter “00” as the telephone number.
  5. Click “OK” to save the setting.
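To complement the checks and the “00” blocking rule above, the following added example (not part of AVM's advisory) flags outgoing international calls to unfamiliar numbers in a list of call records. The CSV column names, the sample records and the treatment of a leading “+” as equivalent to “00” are assumptions made for illustration, not a FRITZ!Box export format.

```python
import csv
import io
from collections import defaultdict

INTL_PREFIX = "00"  # the prefix entered in the blocking rule above

# Constructed sample records; the column names are assumptions.
SAMPLE_CSV = """direction;date;number;duration_s
out;2014-02-03 02:14;00 882 1234 5678;840
out;2014-02-03 02:31;+88212345678;1260
out;2014-02-03 09:05;01624 555 0100;95
in;2014-02-03 10:12;0044 1624 5550101;30
out;2014-02-04 18:40;0049 30 5550102;300
"""

def normalise(number):
    """Strip separators and rewrite a leading '+' as the '00' prefix (assumption)."""
    digits = "".join(ch for ch in number if ch.isdigit() or ch == "+")
    if digits.startswith("+"):
        digits = INTL_PREFIX + digits[1:]
    return digits

def unfamiliar_international_calls(csv_text, familiar=()):
    """Return {number: (call_count, total_seconds)} for outgoing
    international calls to numbers not listed in `familiar`."""
    known = {normalise(n) for n in familiar}
    totals = defaultdict(lambda: [0, 0])
    for row in csv.DictReader(io.StringIO(csv_text), delimiter=";"):
        if row["direction"].strip().lower() != "out":
            continue  # only outgoing calls are relevant here
        number = normalise(row["number"])
        if not number.startswith(INTL_PREFIX) or number in known:
            continue  # not international, or a destination you recognise
        totals[number][0] += 1
        totals[number][1] += int(row["duration_s"])
    return {n: tuple(v) for n, v in totals.items()}

if __name__ == "__main__":
    hits = unfamiliar_international_calls(SAMPLE_CSV, familiar=["+49 30 5550102"])
    for number, (count, seconds) in sorted(hits.items()):
        print(f"{number}: {count} call(s), {seconds} s")
```

Normalising before comparison matters because the same destination can appear with different spacing or prefix notation and would otherwise be counted as separate numbers.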

Checking whether Internet access to FRITZ!Box via HTTPS has been enabled and disabling it

  1. Click “Internet” in the FRITZ!Box user interface and select the menu “Permit Access”.
  2. Click the “FRITZ!Box Services” tab.
  3. Check whether the setting “Internet access to the FRITZ!Box via HTTPS enabled” has been enabled.
     - If the setting is disabled, no further steps are necessary.
     - If the setting is enabled but you do not wish to access the FRITZ!Box user interface from the Internet, disable this option and click “Apply”.
     - If the setting is enabled and you wish to access the FRITZ!Box user interface from the Internet via HTTPS, change the passwords for all FRITZ!Box users who are allowed to access it from the Internet.

Changing passwords of all FRITZ!Box users with Internet access to FRITZ!Box via HTTPS

Change the passwords of all FRITZ!Box users who have been granted “Internet access” (see fig.). When selecting new passwords, use ones that you do not use for other Internet services (for example e-mail, Facebook, MyFRITZ!, etc.):

  1. Click “System” in the FRITZ!Box user interface.
  2. Click “FRITZ!Box Users” in the “System” menu.
  3. Use the “Delete” button to delete all unknown FRITZ!Box users.
  4. Click the “Edit” button for a user who is allowed to access the FRITZ!Box from the Internet.
  5. Enter a new password in the “Password” field.
  6. Click “OK” to save the settings.
  7. Repeat steps 1. – 6. for all further FRITZ!Box users.

This article was taken with permission from the AVM website (Original Article).