[Image caption: The details as they appeared when logged in via SSH or Telnet. Identifiable information redacted.]

[Image caption: Optus' own documentation warns customers against using default and dumb passwords.]

It appears the flaw was left in place deliberately by Optus to administer cable modems remotely, and was overlooked by helpdesk staff when assisting subscribers. It allowed those on the Optus network, or hackers with access to a computer on the network, to access the modems remotely.

"I was actually quite shocked and I guess a little concerned because I had access to this information and I didn't know what to do with it," Alex, from Sydney, said.

"I actually contemplated picking up the phone and speaking to Optus and then I kept on thinking to myself that there's probably going to be some adverse repercussions for doing that."

[Image caption: Gateway to your home: a flaw in Optus cable modems allowed those with technical knowledge to gain access to it remotely. Credit: Netgear]

Instead, he anonymously posted about it on Optus' community forum on March 7. When no one responded, Alex contacted Fairfax Media.

"A large organisation that offers services Australia-wide should not have this vulnerability," he said. "Someone could write a program that could just sit there and scan and collect all of this information and build a database.

"What's stopping anyone else from doing that? Nothing. This is a real security issue."

With access to the information stored on the modem, a hacker could hijack an Optus customer's phone number and see their call history, turn off or change Wi-Fi settings, lock users out, and install malicious software on personal computers to steal data.

Australian security expert Troy Hunt said there was potential for hackers to do what "they liked" with the modem and the access.

Netgear said the remote access was left on to allow Optus staff to log in to modems remotely "for diagnosing network problems to improve customer experience".

Remote management tool

The remote management tool, known as Secure Shell, or SSH, was the tool left with the default password in place. Such a tool is not typically needed by home internet users. It is used by those with technical knowledge to make quick changes to modems without requiring interaction with users. Another remote access tool, Telnet, was also left with the same default password.

Optus said the remote access was only used in rare cases by its staff for urgent deployment of updates to individual subscribers' modems on a case-by-case basis. It deployed a fix for the flaw on Thursday. Fairfax Media gave Optus time to secure the modems before publishing.

Why no one thought to change the default password to something more secure remains unclear, particularly given that a number of Optus staff would have had to type "admin" into a command line when administering subscribers' modems.

A security review is now underway, Optus said, adding that the Privacy Commissioner would be notified.

How it was fixed

The company's fix was to use another administrative tool to update each modem's configuration and change user name and password combinations to something more complex. It knocked customers offline for about three minutes on Thursday and forced each modem to restart to enable the updated configuration.

Optus said it did not detect any peaks in SSH or Telnet traffic that would indicate the flaw had been used widely by hackers before it was fixed, but didn't rule it out.

"Optus takes privacy and security very seriously, and at this stage we have found no evidence that this vulnerability has been breached," an Optus spokesman said. "We will be undertaking a thorough review of our processes to ensure that this type of issue does not reoccur."

Hunt said the flaw was serious and suspected Optus would likely never know for sure whether it had been used by hackers. He recommended Optus do a full audit of all its IT systems.

"If there is something so fundamental as a default password on a large number of devices that's been rolled out to so many locations ... what other things have slipped under the radar given that there's clearly a lack of quality control going on there?" he said.

"Often it's one of those things where there's smoke there's fire."

Netgear said it did not introduce the configuration problem and added that the CG3000v2 modem was only supplied to Optus, not other telcos.

"A potential configuration vulnerability is serious but can be patched very quickly, this is not due to a bug in the product itself," a Netgear spokesman said.

*Alex is a pseudonym. He chose not to be identified for fear of legal action.