SunRocket is an Immoral Company

Are you aware that SunRocket's Gizmo (the InnoMedia SIP MTA 6328-R) leaves WAN ports 80 and 23 open for all the world to access? As if that's not bad enough its setup doesn't let you turn off this type of WAN access with the firmware that ships with the Gizmo. And as if that is not bad enough SunRocket does not tell you any of this! This is just outrageous. If you're going to do business with this company put their Gizmo behind a router. At least change the gizmo's password. As for me, I'm shipping their gizmo back tomorrow and going to get my money back.

Reply to
Angry SunRocket Customer
Loading thread data ...

Sounds more like they're technically clueless, rather than "immoral".

"Try never ascribe to malice that which can easily be explained by negligence".

Reply to
Philip J. Koenig

Understand the security concern and agree the unit should be behind a router. Putting it behind a router also saves bandwidth (don't know why but try it run speed test before & after)

If port 80 is open, that would seem to indicate there might be a way for us to 'user configure' it. I'd love to reconfig Ethernet port to fixed 10mb rather then 'autosense'

Reply to
Terry Smith

Have you called their support? Web access is an option which they can turn off.

Jonathan

Reply to
Jonathan Roberts

They told me it had to be open so they could service the device. I've sent their device back and am awaiting my refund. I'm not going to be involved with a company that careless or clueless.

Reply to
Angry SunRocket Customer

Guess I don't quite see the problem since it's only the voip router that could be compromised. Since it has a firmware binary type OS all one's going to get is a config menu. Even if it was cracked, suspect only way to mod code would be thru a tedious TFTP type procedure. Hacker most likely will do something more productive. There are things abt SR service overload that annoy me but having these 2 ports open seems neither immoral or clueless.

They told me it had to be open so they could service the device. I've sent their device back and am awaiting my refund. I'm not going to be involved with a company that careless or clueless.

Reply to
Terry Smith

So you have no problem with this company exposing access to the device's config login over the Internet via unsecure ports? Why do they even need to expose these ports to the Internet at all? And of course they don't mention this potential security issue at all in any of their documentation. You have no problem with any of that?

Reply to
Angry SunRocket Customer

Perhaps I'm just missing something but just having port 80 open doesn't mean you have access to unit. Most likely their NMC has a database of unique ID's like the MAC Addr that works with some add'l authentication. Next even if you cracked the thing most likely it would be much more of a headache for SR compared to end user.

Anyone else know something about this?

So you have no problem with this company exposing access to the device's config login over the Internet via unsecure ports? Why do they even need to expose these ports to the Internet at all? And of course they don't mention this potential security issue at all in any of their documentation. You have no problem with any of that?

Reply to
Terry Smith

I went across town to a friend's computer, connected to the Internet on his computer, brought up Internet Explorer and http'd to my IP address and I was able to log in to my SunRocket Gizmo. I would bet you a thousand dollars that the overwhelming majority of people who use SunRocket do not change the Gizmos default password. If you knew the IP address of a SunRocket user and they didn't change the default password on their Gizmo you or anyone could easily log into their Gizmo. With this kind of a situation SunRocket and their users are asking for trouble. Keeping WAN ports 80 and 23 open for access to the Gizmo's settings (including the ISP login settings) for the average SunRocket user is idiotic and asking for problems.

Reply to
Angry SunRocket Customer

Well that certainly is interesting. Wow

I went across town to a friend's computer, connected to the Internet on his computer, brought up Internet Explorer and http'd to my IP address and I was able to log in to my SunRocket Gizmo. I would bet you a thousand dollars that the overwhelming majority of people who use SunRocket do not change the Gizmos default password. If you knew the IP address of a SunRocket user and they didn't change the default password on their Gizmo you or anyone could easily log into their Gizmo. With this kind of a situation SunRocket and their users are asking for trouble. Keeping WAN ports 80 and 23 open for access to the Gizmo's settings (including the ISP login settings) for the average SunRocket user is idiotic and asking for problems.

Reply to
Terry Smith

When I attempt same I get a logon window but I still need password - It looks like this This unit is password protected

Please enter the correct password to access the web pages

I went across town to a friend's computer, connected to the Internet on his computer, brought up Internet Explorer and http'd to my IP address and I was able to log in to my SunRocket Gizmo. I would bet you a thousand dollars that the overwhelming majority of people who use SunRocket do not change the Gizmos default password. If you knew the IP address of a SunRocket user and they didn't change the default password on their Gizmo you or anyone could easily log into their Gizmo. With this kind of a situation SunRocket and their users are asking for trouble. Keeping WAN ports 80 and 23 open for access to the Gizmo's settings (including the ISP login settings) for the average SunRocket user is idiotic and asking for problems.

Reply to
Terry Smith

Right. That's why I said if anyone knew the default password they can get in. If you search around it's not hard to find out what the default user name and password are.

Reply to
Angry SunRocket Customer

Hi Angry - Like to discuss a few things off-line My email is legit - How bout dropping me note

Right. That's why I said if anyone knew the default password they can get in. If you search around it's not hard to find out what the default user name and password are.

Reply to
Terry Smith

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.