I have AT&T Uverse for Internet access and officially challenge them to show me how they are committed to their customers’ security. If you’re an AT&T customer and think your family’s Internet security is not your responsibility, then you can assume that none of your devices on your home network are protected.
I had experienced some slowness issues and decided to to log into my AT&T router to check the event logs. The router is the equipment your Internet provider installs to connect you to the World Wide Web and every person with Internet access has the capability to do this.
I went to the event log and saw some unusual activity that a simple Google search couldn’t identify. As I had read about hackers using routers to launch DDOS (distributed denial of service) attacks, I grew concerned and called AT&T customer support. I had an interesting dialogue with the representative. Here is a summary of our conversation:
- Me: I’m having network slowness issues.
Rep: Reboot your computer.
- Me: I did that.
Rep: Check your speed.
- Me: I did that. The issue is that I saw strange activity in the router event logs.
Rep: You need to run a virus scan.
- Me: That’s not where I have an issue. It’s with the router; my computer will not show the issue.
Rep: Don’t worry about the event logs. You can clear the logs and you won’t see the problem anymore.
- Me: But if I see strange activity, clearing the logs won’t solve the potential malicious activity that might be going on. Can you walk me through updating the firmware?
Rep: You need to reset the router back to factory defaults. That should fix the issue.
- Me: But that won’t install any security patches that I am needing. Plus, then it changes my password pass to the default, which is the same for every customer. I don’t want to do that.
Rep: You don’t have to do anything once we install the router.
- Me: So this device AT&T gave me will never have any new vulnerabilities. That sounds a bit naive.
Rep: You’re probably right. Why don’t you go to the manufacturer’s site to figure out how to do this.
- Me: Are you sure that AT&T will give me permissions to do that?
Rep: If you can’t install it yourself, then you’ll have to pay for our Advanced Configuration service to do it.
- Me: So if AT&T restricts my ability to have a secure router, then I have to pay AT&T to do this?
Rep: As an alternative, we can just send you a new router. It only costs you $4/month more for leasing it.
- Me: But I don’t pay for a router today.
Rep: That was part of a promotion that we don’t allow anymore.
At this point, I decided to pursue other ways to protect my home network. OpenDNS has a free service for home users that basically ‘filters’ the Internet traffic and delivers only ‘safe’ traffic. To enable the service, I had to make a change on the AT&T router and couldn’t find the settings for this. I found this on an OpenDNS help page:
“Unfortunately, due to the firmware restrictions that AT&T has placed upon UVERSE-enabled devices, it is not possible to change the DNS settings on these devices. This is a limitation due to AT&T and unfortunately cannot be changed.”
I could put in another router behind the insecure AT&T router, but I find it unbelievable that not only does AT&T deny the customer basic security services but also won’t allow a customer to protect themselves. Remind me what I’m paying $175/month for? It’s definitely not security.