

Important security information for FRITZ!Box users - neonlex

Important security information for all FRITZ!Box users with MyFRITZ! service enabled

You are receiving this message as a user of AVM MyFRITZ! at the e-mail address registered with this service.

In recent days there have been several reports of fraudulent use of telephone services connecting through FRITZ!Box routers. AVM has notified its customers and published relevant security instructions. How this abuse has taken place has yet to be established conclusively.

As a temporary safety precaution, AVM recommends that all FRITZ!Box users disable Internet access to the FRITZ!Box via HTTPS (port 443). This also disables access to your FRITZ!Box user interface from any location using MyFRITZ!. Please go to www.avm.de/en/sicherheit for brief instructions.

After disabling Internet access via HTTPS (Port 443), FRITZ!Box services like MyFRITZ! and FRITZ!NAS are no longer available and the FRITZ!Box user interface can no longer be accessed from on the go. But you can continue to use all Internet and home network applications safely at home.

If you saved e-mail addresses in your FRITZ!Box, for example to use push service, we recommend changing the mail password at your e-mail provider for this mail address as a precaution. Any other e-mail addresses not stored in the FRITZ!Box are not affected.

See www.avm.de/en/sicherheit for the latest news. We will inform you as soon as you can resume using both services without restrictions.

If you need further support, our support team with experts on this topic is ready to assist you: contact us at security@avm.de or call +49 30 39 004 554.

We apologize for the temporary limitations to access from on the go, but have decided to recommend these instructions as a security precaution.

Best regards

AVM GmbH
======
thaJeztah
Apparently, this is not just an advisory, but this issue has already been used
'in the wild'. Hackers have been able to make VoIP calls through users' modems.

Even worse, AVM decided to store passwords only encrypted (and, as it turned out,
easily decryptable), not hashed! I am very surprised that such a well-known
manufacturer took security so lightly. Storing passwords almost in plain text
in 2014 is just not tolerable.

Class action lawsuit anyone?

