Jun 16, 2013

Huawei Echolife BM622 Protection against FWD

The Huawei Echolife BM622 4G WiMAX Broadband wireless modem router is one of the Globe Telecom legacy CPE device which is prone to FWD aka "Firmware Destroyer" this can be exploited remotely via TR069 even other ports is disabled from WAN such as HTTP, Telnet and SSH are among common protocol by default are open used as backdoor not only by Admin ISP but also those who are malicious.

The result of this insecure CPE device from Huawei Technologies supplied to ISP such as Globe Telecom loss it profit significantly due to rampant gateway spoofing. Another issue have face by legit subscribers are the so-called "Blank WAN" and "Tulala". These two bad ideas are the works of those netizens who wanted to have an unlimited FREE internet connection disabling the innocent legit user and spoofed as a legit by uploading corrupted firmware. 

Similarly, because of frustration by Admin ISP of uncontrollable spoofing technique done by malicious netizens able to access FREE internet connection to their network because of poor and unsophisticated NOS, legit subscriber suffer also "Blank WAN" and "Tulala" due to undetermined legal CPE device of users.

Remember  the so-called Firmware Destroyer, Blank WAN and Tulala is also happening to legit user and not only to those who spoof. This tutorial and screenshot will help you prevent your Huawei Echolife BM622 4G WiMAX Broadband wireless modem router CPE device by being updated remotely by any malicious people.

First, navigate to Advanced menu under CWMP sub-menu you will see TR069 you must disable it and save it.

Second, still on Advanced menu navigate to ACL on the WAN side unchecked the HTTP, TELNET & SSH in order you will not be prone remotely via these ports (80, 23,22).

Then also navigate to Security sub-menu under Advanced menu, you must enable the URL Filter and chose Filter Mode to Black, input the IP address of TR069 ISP Server so that you will not be reachable by any updates such as firmware and security issue.

Lastly, set the Security Level to High this is still under the Advanced menu,. Security sub-menu Firewall and then click Apply. That's all you are already done, this has been tested almost two(2) years from now on. There is an alternative on how-to protect your BM622 from the disaster mention above its a Hardware Protection a single or dual switch that will let your BM622 in write-protected state once the switches is ON, but its not safe to "Blank WAN" and for "Tulala" it will only save you from being "Firmware Destroyer" aka FWD.


Post a Comment