A security flaw in Optus modems puts cable subscribers in Australia at risk of hackers gaining access to or hijacking their home phones, tampering with their WiFi and compromising their home networks, according to a report in The Sydney Morning Herald.
The flaw — a default “admin” password — was likely deliberately left in by Optus so the company could administer the modems remotely. But by doing so the company also left subscribers vulnerable to attack.
The Herald cites an Optus subscriber referred to as “Alex” who uncovered the flaw and posted about it anonymously on the Optus community forum in March.
Alex explained in the post that an attacker “may be able to connect to any CG3000v2 via this back door, view a victim's Optus SIP” and ultimately “register, make and receive phone calls from that victim's account.”