Matt Fisher on Security, Computers, and Life

Verizon Fios: Now More Intrusive Than Ever

If you have Verizon Fios then you probably don’t want to know that they maintain constant control of your router.  Order some television services, and then take a look at all the port translation rules they automatically add.  Check out the interface changes they make (for instance, I never had those admin nag screens when I first ordered it).

Now they’re taking it to a whole new level: CHANGING YOUR PASSWORD.  Yup, Verizon just updated their TOS to now include, among other things, the right to change your router admin password at will, with no constraints or requirements built into the TOS. 

To me this is completely unacceptable.  Updating MY GATEWAY WHICH SITS ON MY LAN without my permission was pushing it far enough, but now I have to firewall my gateway from my ISP.  That’s messed up.   Verizon, I DON’T NEED NOR WANT YOUR HELP.  Keep your hands off my router.

Here’s the whole clause:

“3. Home Router Password Changes. Section 10.4 was updated to clarify that Verizon may in limited instances modify administrative passwords for home routers in order to safeguard Internet security and our network, the security and privacy of subscriber information, to comply with the law, and/or to provide, upgrade and maintain service.  The administrative password for your home router is used to access the “administrative” controls for the router and to make changes to your router’s internal settings.  We will use reasonable means to notify Subscribers whose home router administrative passwords are changed, which may include email notice to your Primary Email Address and/or an announcement on the My Verizon portal.”

Comments on: "Verizon Fios: Now More Intrusive Than Ever" (14)

  1. I hate to find myself in the position of defending Verizon, but do they have some responsibility to deal with all the “CHANGEME”, “1234”, and “password” entries that are undoubtedly floating around out there?

    If they are randomly going into peoples’ routers and changing passwords at a whim, that’s one thing, and I agree–stay the hell out.

    OTOH, poorly-secured routers do represent a significant security problem, and it’s at least somewhat understandable that VZ might want to give themselves some coverage for dealing with that.

    • Pete,

      You present a very balanced view to the situation, and thanks for commenting. Yes, poor router passwords are a problem, and this brings up the great issue of balancing control and privacy with security (think national IT infrastructure security).

      However, in this case, rather than changing passwords couldn’t they just implement the usual strong-password requirements?

      -Matt.

  2. Here’s a guess. It’s not just the users creating weak passwords, it’s Verizon FIOS themselves. With the updated agreement, they can now put a band-aid on a major security hole in their routers. It’s been long known that passwords shipped with Verizon’s crappy routers can be calculated using the publicly broadcast SSID/network names.
    You can get onto just about any non-techie’s fios network by using tools like http://bit.ly/i1NZ3M to calculate their passwords. I’m pretty sure this hole still exists today. So instead of telling every customer how lame they are, they are going to give themselves the option to change passwords for routers whenever they see fit. Will it take someone getting hacked before they update the password? Will they only update default passwords that can be calculated? Meanwhile, it’s possible there will still be a large group of people who haven’t changed their admin password and be open to getting hacked.

  3. Here is an idea! How about ASKING users to change their password???

  4. I think maybe you have a certain assumption about how your home network should be configured, and possibly Verizon perpetuates this through having multiple ports on the device, that encourages you to treat it as part of your LAN, rather than a network gateway. If they moved the gateway/router into the box in your garage or on the side of your house, and made you run cat-5 to it from inside the house, and kept it in the telco side of the access box, would you still argue you ought to have the password for it?

    I’m not necessarily opposed to read-only access to some functions of the device, but the real problem here is probably architectural. If the device is providing certain services to you, you’d kind of like to know how they are working. At the same time, Verizon and any other ISP has every reason to expect that the equipment which is essentially part of their network as well, provided by them, serviced by them if it breaks, etc. should be managed and configured by them.

    Or am I missing something about your configuration? Is this your router rather than theirs?

    • Excellent point Andy, very valid. This is their device and essentially their gateway. I really should treat it as their own DTE and not CPE.

      Yes, because it’s on my desk and has multiple ports and 802.11 I consider it part of my network, but you’re absolutely correct. It really isn’t, and I shouldn’t treat it as such.

  5. This is why my VZrouter is in the “untrusted” segment of my network. Only thing on there is what I consider my edge router and my DVR boxes (via the coax network).

    • And I think it’s about time I do the same. As Andy pointed out, this is their equipment, not mine and I should be treating it as such.

      Wow, I didn’t realize people actually read my blog …

  6. JimmyJoeBob Alooba said:

    You’re not _required_ to use Vz-provided equipment.
    Get yourself a reasonable FW from your local CompAmWe store and hand theirs back to them.
    Assign a secure password to it and be done with it.

    • Well, this bridges the coax to cat-5 for me, so I think I *do* have to have it, but as Mark and Andy pointed out I don’t have to have *only* this device.

      Point taken though, “replacing” (or moving it elsewhere) has been on my todo list for a long time, it’s about time I prioritize that list.

      CompAmWe store … not familiar with that one, but I’m sure TigerDirect or NewEgg will have just the thing for me.

      And don’t get me wrong, I still love having FIOS. The power of having more bandwidth at my house than most people have in their office is pretty awesome.

  8. I feel your pain, but I would at least check DISH Network out. I’ve been a customer there for four years, and would never switch. The service is awesome, my bill is low, I have the most HD channels in the industry and as a DISH customer/employee I can use the TV Everywhere app on my mobile device and watch, record, or pause live TV from anywhere in the world I get a 3G or wifi connection.

  9. WeREwOLf said:

    Well, I guess things are different between Verizon’s DSL and FiOS plans (aside from the obvious technological differences, of course). Back when I first signed up for Verizon DSL, I had to pay for the router.

    (Naturally, my purchasing and owning the router did not stop them from flashing the device to their branded GUI after a few years into my service… but that’s a whole other rant.)

    My point is, are you *sure* you don’t own the router? Are you leasing/renting it, or was it paid for in your initial “first payment + installation charges” and you perhaps didn’t notice, or paid for in smaller payments added to each bill for a year? If you’re leasing it, then of course Andy is right. But if you’ve already paid for it in full and now own it, then you certainly have every right to be angry about the new wording in the ToS… I certainly would be.

    Then again, I don’t know the plan/package differences between DSL and FiOS; perhaps FiOS routers are retained by Verizon and leased to the customer. If that’s the case, well… I’m afraid you and other FiOS customers might just be SOL, I’m sorry to say.
