Singtel security lapse leaves 1,000 Wi-Fi access points exposed
Cyber security company that found security issue says it could have led to hackers redirecting users to fake websites, but Singtel disagrees
Telecommunications company Singtel had a security lapse last week that left about 1,000 Wi-Fi access points exposed to potential hackers, but the issue was resolved within hours.
No end users were reported to have been affected.
US-based cyber security company NewSky Security discovered the lapse on May 21.
Mr Ankit Anubhav, the firm's principal researcher, said it contacted SingCert to raise the matter with Singtel as soon as it discovered the security issue.
SingCert is a unit of the Cyber Security Agency (CSA) of Singapore, which coordinates the nation's response to cyber threats and attacks.
CSA and the Info-Communications Media Development Authority (IMDA) said yesterday that SingCert immediately notified IMDA and Singtel after being alerted on May 22.
"We understand that the issue was resolved within hours, thus limiting the impact on Singtel's customers. IMDA is working with Singtel to prevent similar incidents from recurring," said the statement.
A Singtel spokesman told The New Paper yesterday it took prompt action to close the ports after being alerted.
TNP understands that the number of access points exposed is less than 0.2 per cent of the total number of access points that Singtel operates.
The incident was first reported by NewSky on its blog on Monday.
Although Singtel did not address how the incident happened, NewSky's post said Singtel had initiated port forwarding to troubleshoot an issue with these routers but forgot to close the forwarding after fixing the issue.
Mr Anubhav told TNP: "When accessed on port 10,000, the routers were up for grabs for anyone, as there was no password authentication. This gave a potential attacker total control of the devices."
CONCERN
In general, when a router is compromised, a malicious actor could use it to redirect web traffic. For example, a user visiting a banking site can be redirected to a phishing page and end up providing banking information to hackers.
But Singtel disputes that this could have happened.
"We disagree with the statement by NewSky Security that this incident would have given 'complete access to potential Internet of Things attackers'. The security design of our port limits any access beyond a remote access user interface website," said the spokesman.
This means that some of the conjectures NewSky made about possible implications might not be true, said Mr Joseph Gan, president of local mobile security start-up V-Key.
"It is clear that an open port was a problem, which both Singtel and CSA acknowledged by taking action very quickly," he said. "But if an attacker had tried to gain control of the access points through the exposed ports, they might not have been able to do so, because of Singtel's security design."
Mr Anubhav said that SingCert and Singtel were swift in resolving the issue.
Singtel added: "We have conducted a stringent review and strengthened our processes to prevent similar incidents. Network and cyber security are our top priorities."
Singtel customer Ashari Ali, who works in IT administration, said Singtel is a major player holding a large share of the broadband market.
"Even if there were no routers compromised, this does not absolve it of blame. 24/7 vigilance should be the norm in the industry," said Mr Ali, who is in his 50s.
Past cyber security incidents in Singapore include a breach of 52 staff accounts in Singapore universities by an Iranian hacking syndicate. CSA and the Ministry of Education revealed this on April 3.
On Sept 7, it was reported that the personal data of about 5,400 customers of insurance company AXA Insurance was stolen, with customers' e-mail addresses, mobile numbers and dates of birth exposed.