Major security flaw/anyone can access your router
Tomato44
Enthusiast - Level 1

My router was randomly resetting itself to factory values. Devices on my network behaves weirdly - resetting (Windows), rebooting (Smartphones) and power washing (chromebooks). It felt like some one is accessing my routers’ setting and manipulating my network without any devices physically connecting to it. Called Verizon many times, replaced router twice (tried Quantum and G3100) Nothing helped. Verizon reps assured me that no one can perform hard reboot of my router other than them and me.
Just recently learned that if you go to https://activate.verizon.com and put you email or phone and zip - you get to your routers info page without any username and password. Someone can be miles away from your router and view your SSID and password. Just with your email address or phone that the entire world knows. And zip code that is pretty much available too.

Called Verizon. They confirmed that for whatever weird reason this thing is happening. However they did nothing to stop it. Please try and check your account, see if your routers’ info is exposed as well. 

0 Likes
Reply
1 Solution
jonjones1
Legend

Calm down. First the flaw if it is a flaw the party must know your email address. Not easy to do. Same with your name, email or zip code.

verizon does have a way to access your router for support purposes. The best way to cut them out of the loop is to buy your own router like an Asus or TP Link Archer which can be bought for around $70.

then return the verizon junk routers and save hundreds in rental fees.

View solution in original post

12 Replies
jonjones1
Legend

Calm down. First the flaw if it is a flaw the party must know your email address. Not easy to do. Same with your name, email or zip code.

verizon does have a way to access your router for support purposes. The best way to cut them out of the loop is to buy your own router like an Asus or TP Link Archer which can be bought for around $70.

then return the verizon junk routers and save hundreds in rental fees.

Tomato44
Enthusiast - Level 1

Thanks for the advice. I will definitely get my own router. But there are lots of people that know my phone and know where I live. Any phone or utility bill has this info. Really any service provider.

It is very hard for me to clam down after some of the devices on my network got damaged and some of my accounts got hacked.

0 Likes
Reply
dslr595148
Community Leader
Community Leader

@JEJ45 wrote:

Thanks for the advice. I will definitely get my own router. But there are lots of people that know my phone and know where I live. Any phone or utility bill has this info. Really any service provider.

It is very hard for me to clam down after some of the devices on my network got damaged and some of my accounts got hacked.


While I do not have FIOS be aware that it is best that you do not have FIOS TV because I heard/read if you have FIOS TV too you some how and way must use their router.

Tomato44
Enthusiast - Level 1

While I do not have FIOS be aware that it is best that you do not have FIOS TV because I heard/read if you have FIOS TV too you some how and way must use their router.


True, the TV will work with Verizon router only. Likely I don’t have tv, so I am just replacing the router.

0 Likes
Reply
lasagna
Community Leader
Community Leader

That's totally incorrect.   Verizon STB's require a MoCA path to the internet, which if you use a Verizon router, you get as part of the router.   Without it, you simply need a MoCA bridge (such as an ECB6200) to provide a connectivity path from the coax to the internet.    And, if you don't have a Verizon STB and use, for instance, a TiVO, a bridge is not necessarily required.

As for the previous poster's comments regarding activate.verizon.com, regardless of method, you must have access to the email address or mobile device which is associated with the account in order to obtain the temporary PIN number to authorize access to the account information.   Unless you routinely allow others to have access to your mobile phone or give them you email password, such an attack is highly unlikely.

Tomato44
Enthusiast - Level 1

@lasagna wrote:

That's totally incorrect.   Verizon STB's require a MoCA path to the internet, which if you use a Verizon router, you get as part of the router.   Without it, you simply need a MoCA bridge (such as an ECB6200) to provide a connectivity path from the coax to the internet.    And, if you don't have a Verizon STB and use, for instance, a TiVO, a bridge is not necessarily required.

As for the previous poster's comments regarding activate.verizon.com, regardless of method, you must have access to the email address or mobile device which is associated with the account in order to obtain the temporary PIN number to authorize access to the account information.   Unless you routinely allow others to have access to your mobile phone or give them you email password, such an attack is highly unlikely.


It doesn’t ask for any pin or password. Anybody could try it from any location with my email address or phone. I called Verizon and asked about it. They do admit that there is some kind of a “glitch”. I actually recorded a video of my screen doing it as a proof that it does happening to my account. I wonder, how many more customers it happens too. 

0 Likes
Reply
Edrockvz
Enthusiast - Level 3

I just tried both the mobile # and zip method as well as the email and zip method. Both wouldn't let me through until I verified a pin. Is it possible that you have signed in prior and your machine was registered via and cached via a web cookie? Does it not challenge for more info if you use an incognito window? Is this a new install by chance? Maybe the pin requirement is waived in the first billing cycle to make setup easier?

0 Likes
Reply
Tomato44
Enthusiast - Level 1

I tried from different computers that aren’t on my network (e.g. from work) and no pin is being asked. I even called Verizon and they confirmed that it’s weird, as they tried to do it and it let them into my router without a pin. However, they couldn’t prevent it from happening.

My account is 2 months old.

0 Likes
Reply
jonjones1
Legend

Naturally verizon support can access their own branded routers. It’s part of the service.

i told you what to do. Buy your own router from Asus or Netgear or TP-Link Archer.

there is no access as I said before on customer owned routers. But there is no support either except up to the ONT. It’s a trade off.

Edrockvz
Enthusiast - Level 3

Yeah but the op is stating that anyone can get her ssid/PW with just her email and zip or phone and zip. That shouldn't be the case. I have a FiOS branded router and I get the 2 factor prompt to check my phone/email for a pin.

0 Likes
Reply
Sofies2ndChoice
Enthusiast - Level 3

There are tons of free databases with the requested information available, Melissa is one such example, so to say that a person's email and phone number isn't readily available information is ridiculous.

However it seems like the problem the OP mentioned is no longer a concern if you have an activated account.

0 Likes
Reply
Sofies2ndChoice
Enthusiast - Level 3

Go to melissa.com and tell me that your email and phone number is not readily available online. That's just one example of a database that can be used, for free, to obtain that information so the accepted solution is ridiculous.

However it seems like the site mentioned in the OP isn't providing that information currently, as far as I can tell.

0 Likes
Reply