Modem Reset on Its Own - Hacked?

So I was out buying groceries and come back to find my WiFi network is not available.
I check the NBN box and the modem and see all lights on.
I couldn't figure it out but then it struck me that there is a network "Optus_XXXX" showing at top of the available networks list on all devices and with the highest strength.
I was then able to find the document of the modem which I got years ago from Optus and it was in fact my modem factory SSID.
I could then login to the modem firmware and update my SSIDs to before (so I don't need to go through the pain of setting all "smart" devices' network settings).

But how could this happen?
I did have an NBN repair recently and have not been able to attend Optus's calls to confirm the issue is fixed. Could they have done something remotely and reset my modem settings?
Or some electric surge could trigger?
Or did someone hack my modem (:

Just really curious and couldn't find anything online of what could be the root cause.

Comments

  • +3

    Was there an auto firmware update? It's from Optus.

    • Will call Optus to check. Thanks

  • +4

    Since this happened, you have logged on and changed user and passwords, and all wifi settings, haven't you, as a precaution…

    • No.. should I?
      Just feel lazy to change those on so many devices..
      I couldn't think of any way this was hacked (and based on the comments below it seems no one sees a possible outcome). I have monitored all devices connected to the modem though and plan to keep an eye on that

      • If you're even remotely concerned that you've been hacked at the Access Point, YES you should log in and change the admin password.

        It's not good if you haven't changed your wifi passwords and someone got their device on your LAN.. But the worst thing you can do is let them in to your router.

        Admin password to router at a minimum. Better option is change anything that would let them into your network.

  • +5

    Please provide your IP so that I may log back in.

    • +2

      192.168.1.1
      Do you need my username and password?

      • +2

        Admin admin

        • P@ssword123 is a good one too

  • Gladys is out to get you!

    • +1

      Took me a while (and her LinkedIn page) to get it.

  • +1

    Those pesky "factory reset" hackers. They are worse than Anonymous. Resetting people's modems. It's an outrage.

    • Worse than Anonymous? Those V for Vendetta guys? I thought Anonymous are the good people..

  • +2

    I've seen this happen to so many consumer grade "routers" over the years, it probably overheated or hard crashed handling too much traffic and then factory reset.

    • Looking this up.. thanks

    • +1

      Not necessarily exactly this, but something like this, is the most likely scenario for a random and unintended factory reset. A memory bit flipped, or noise on an address line, or overheating, or simply a bug in the code, and the processor went to the wrong address and executed the wrong code.

      • A memory bit flipped, or noise on an address line, or overheating, or simply a bug in the code, and the processor went to the wrong address and executed the wrong code.

        I think it could be this too. Likely overheat or something led the modem to reset, but when it tried to restart it maybe failed. After a few start up failures it may just auto-reset so that the modem is at least accessible again and not stuck in a start up loop.

  • Why would a hacker reset? If they hacked in, wouldn't they try to remain anonymous, or reset the password to lock you out?

    • Yeah, that's why I just posted, in case someone had any theories. For example, maybe the hacker tried to install a firmware and some built-in (I know, I know) kill switch in the modem (I knowww) just reset the whole thing..

      • That's a crazier theory than that you're under active monitoring by ASIO and while you were out they quickly snuck in and replaced your router with one that was functionally the same as the one you had with the same factory settings but which would secretly divert through them all in/out Internet traffic, and you got home too quick for them to change the SSID but luckily for them you were apparently none the wiser.

  • +2

    Have you criticised Israel recently?

    • +1

      No but I put pineapple on my pizza

  • +2

    I had an old Telstra which I assume the CMOS battery in it went flat because whenever it lost power it would be factory reset and I had to set it all up again.

    • Thanks for sharing, will check..

  • +3

    I believe this is a feature of TR-069. In the past I've heard other RSPs such as TPG have been able to turn off people's VPNs as well.

    • Thanks.. time to ring Optus

  • +1

    This exact thing happened to me many years ago. Not sure why it happened as well, but nothing untoward has occurred and acting is fine. I think you can rest assured nothing suspicious has happened.

    • Thank you for taking the time…

      • No worries, I meant to say *everything is fine. Since everything seemed otherwise normal, I figured it was the modem ‘resetting’ itself

  • +1

    Unlikely possibility is that it overheated and reset itself. Depending on the model, there might be a heat spreader. There will be some thermal paste under it. They don't do a good job putting that on these devices, nor do they (I think) use the good stuff. It ages and eventually doesn't do the job. If you had it working hard they can reset from the heat. It's unlikely if it's only happened once

    • Will observe.. thanks

  • +2

    Your Internet provider normally has full access to your wi-fi router if they supplied it to you. They normally have a super-admin account and can do whatever they want. Normally they do firmware updates, restarts, push configuration updates to it. Normally they don't delete the SSIDs you may have added, but it can happen.

    • Thanks

    • All of this is achieved under TR-069 which uses the Customer-Premises Equipment (CPE) WAN Management Protocol (CWMP).

      OP, if you view your router activity logs, you should see remote "heart beat" calls to your RSP every 30 minutes or so.

      RSPs will also lock down certain settings on their router, especially your ability to disable TR-069.

      This is why I always use my own router.
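
The heartbeat check suggested in the comment above can be scripted. This is an added example, not part of the thread: it measures the gap between periodic Informs and labels each "0 BOOTSTRAP" Inform (the event a CPE sends on first contact with the ACS after a factory reset) by whether a FactoryReset RPC was logged shortly before it. The log line format and the function names are assumptions; real router logs vary by vendor.

```python
import re
from datetime import datetime, timedelta
from statistics import median

# Constructed sample log. The line format is an assumption; the event codes
# and the FactoryReset RPC name are the ones defined by TR-069.
SAMPLE_LOG = """\
2024-05-01 08:30:02 cwmp: Inform sent to ACS event="2 PERIODIC"
2024-05-01 09:00:02 cwmp: Inform sent to ACS event="2 PERIODIC"
2024-05-01 09:30:02 cwmp: Inform sent to ACS event="2 PERIODIC"
2024-05-01 09:41:10 cwmp: Inform sent to ACS event="6 CONNECTION REQUEST"
2024-05-01 09:41:12 cwmp: RPC received from ACS method=FactoryReset
2024-05-01 09:43:30 cwmp: Inform sent to ACS event="0 BOOTSTRAP,1 BOOT"
2024-05-01 10:13:30 cwmp: Inform sent to ACS event="2 PERIODIC"
"""

LINE = re.compile(
    r'^(\S+ \S+) cwmp: (?:Inform sent to ACS event="([^"]+)"'
    r'|RPC received from ACS method=(\w+))$')

def parse(log):
    """Return (timestamp, kind, value) for each CWMP line; skip the rest."""
    out = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            if m.group(2):
                out.append((ts, "inform", m.group(2).split(",")))
            else:
                out.append((ts, "rpc", m.group(3)))
    return out

def heartbeat_interval(events):
    """Median gap between periodic Informs, or None if fewer than two."""
    ts = [t for t, k, v in events if k == "inform" and "2 PERIODIC" in v]
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    return median(gaps) if gaps else None

def classify_resets(events, window=timedelta(minutes=10)):
    """Label each BOOTSTRAP Inform by whether a FactoryReset RPC preceded it."""
    results = []
    for t, k, v in events:
        if k == "inform" and "0 BOOTSTRAP" in v:
            remote = any(k2 == "rpc" and v2 == "FactoryReset"
                         and timedelta(0) <= t - t2 <= window
                         for t2, k2, v2 in events)
            results.append((t, "acs-initiated" if remote else "no-acs-rpc-logged"))
    return results
```

A "no-acs-rpc-logged" result only means the log shows no remote instruction before the reset; it does not by itself identify a local cause.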
