
AVM (Fritz!Box) announces security issue

w23
Pro
Posts: 6,347
Thanks: 96
Fixes: 4
Registered: ‎08-01-2008

AVM (Fritz!Box) announces security issue

Alert received Thursday:
Quote
Important security information for all FRITZ!Box users with MyFRITZ! service enabled
You are receiving this message as a user of AVM MyFRITZ! at the e-mail address registered with this service.
In recent days there have been several reports of fraudulent use of telephone services connecting through FRITZ!Box routers. AVM has notified its customers and published relevant security instructions. How this abuse has taken place has yet to be established conclusively.
As a temporary safety precaution, AVM recommends that all FRITZ!Box users disable Internet access to the FRITZ!Box via HTTPS (port 443). This also disables access to your FRITZ!Box user interface from any location using MyFRITZ!. Please go to www.avm.de/en/sicherheit for brief instructions.
After disabling Internet access via HTTPS (Port 443), FRITZ!Box services like MyFRITZ! and FRITZ!NAS are no longer available and the FRITZ!Box user interface can no longer be accessed from on the go. But you can continue to use all Internet and home network applications safely at home.
If you saved e-mail addresses in your FRITZ!Box, for example to use push service, we recommend changing the mail password at your e-mail provider for this mail address as a precaution. Any other e-mail addresses not stored in the FRITZ!Box are not affected.
See www.avm.de/en/sicherheit for the latest news. We will inform you as soon as you can resume using both services without restrictions.
If you need further support, our support team with experts on this topic is ready to assist you: contact us at security@avm.de or call +49 30 39 004 554.
We apologize for the temporary limitations to access from on the go, but have decided to recommend these instructions as a security precaution.
Best regards
AVM GmbH

And fixes it today (Saturday):
Quote
Important security information for all FRITZ!Box users with MyFRITZ! service enabled
You are receiving this message as a user of AVM MyFRITZ! at the e-mail address registered with this service.
In recent days there have been several reports of fraudulent use of telephone services connecting through FRITZ!Box routers. AVM has notified its customers and published relevant security instructions. How this abuse has taken place has yet to be established conclusively.
As a temporary safety precaution, AVM recommends that all FRITZ!Box users disable Internet access to the FRITZ!Box via HTTPS (port 443). This also disables access to your FRITZ!Box user interface from any location using MyFRITZ!. Please go to www.avm.de/en/sicherheit for brief instructions.
After disabling Internet access via HTTPS (Port 443), FRITZ!Box services like MyFRITZ! and FRITZ!NAS are no longer available and the FRITZ!Box user interface can no longer be accessed from on the go. But you can continue to use all Internet and home network applications safely at home.
If you saved e-mail addresses in your FRITZ!Box, for example to use push service, we recommend changing the mail password at your e-mail provider for this mail address as a precaution. Any other e-mail addresses not stored in the FRITZ!Box are not affected.
See www.avm.de/en/sicherheit for the latest news. We will inform you as soon as you can resume using both services without restrictions.
If you need further support, our support team with experts on this topic is ready to assist you: contact us at security@avm.de or call +49 30 39 004 554.
We apologize for the temporary limitations to access from on the go, but have decided to recommend these instructions as a security precaution.
Best regards
AVM GmbH
Call me 'w23'
At any given moment in the universe many things happen. Coincidence is a matter of how close these events are in space, time and relationship.
Opinions expressed in forum posts are those of the poster, others may have different views.
dragon2611
Grafter
Posts: 283
Registered: ‎20-10-2013

Re: AVM (Fritz!Box) announces security issue

I assume that's a mispaste the 2nd time around.
Either way, http://www.avm.de/en/Sicherheit/advice.html has details of updates or, if there isn't a patch, suggests turning off remote access and checking the telephony settings.
Guessing some kind of remote exploit against their webserver or a default password that's insecure/known.
w23
Pro
Posts: 6,347
Thanks: 96
Fixes: 4
Registered: ‎08-01-2008

Re: AVM (Fritz!Box) announces security issue

Oops!
Sorry, here's what the second paste should have been:
Quote
Security Update Available for Your FRITZ!Box - Please Install!
You are receiving this message as a user of AVM MyFRITZ! at the e-mail address registered with this service.
For your FRITZ!Box AVM has made a security update available to prevent any further attacks. We urgently recommend installing this update. 
Two steps to the update:
1. Open the user interface of the FRITZ!Box by entering fritz.box in your web browser.
2. Click "Update" in the "Wizards" menu and follow the instructions.
If you used remote access previously, it cannot be ruled out that your access data and additional passwords may have been stolen. AVM urgently advises you to change all passwords and login data stored in the FRITZ!Box. These include, for instance, the password for the e-mail account used for push service and the password for free VoIP providers like sipgate.
For instructions on this see the AVM Security pages.
We regret any inconvenience and temporary restrictions to your Internet use this may cause. After the update remote access and MyFRITZ! can be used securely again.