TM Unifi installs a Backdoor on every single Unifi router

BolehVPN on Twitter
June 7, 2010
Seedbox Users: Vote for HTTP or FTP Download
June 8, 2010
Show all

TM Unifi installs a Backdoor on every single Unifi router

I just came across this article recently and was really shocked to find out that:

  1. Unifi installs a user account in the router that allows remote access by TM staff
  2. This remote access login was the same for ALL Unifi users (now rectified). This basically means that anybody with the login, could potentially gain access to your router
  3. This was not made known to TM users.
  4. You can actually use your own router if you know how to configure it. The reason why they require you to get THEIR router is so they have this remote access user installed.

The ramifications of these are serious and possibly if this was done in any developed nation, there would have already been legal suits:

  1. Turn your router into a proxy, if he commits any crimes online it will be traced back to you instead and you will take the fall for it
  2. Use your 10/20mbps Unifi account so he doesn’t have to pay for his
  3. Use up your bandwidth quota (once quotas are implemented) as much as he wants and you will pay for it
  4. ‘Spy’ on your Internet connection and view every site you are visiting
  5. Forward all connections to your home PC using DMZ, making your home PC completely vulnerable to Internet attacks.. if you have an open NAS (network attached storage) on your home network, he will be able to access all your files

TM has now posted an announcement on this where they have given everyone a unique password for the remote access login instead of having the same password throughout but yet still recommends that remote access remain enabled for ‘technical support issues’.

Telekom Malaysia Berhad (TM) wishes to clarify the concerns raised by various parties with regards to the remote accessibility of UniFi routers which are part of the customer premises equipment (CPE) for all UniFi subscribers.

TM would like to assure all concerned parties that the only reason the UniFi router setting for remote access is enabled is for remote access troubleshooting purposes for the express use of our technical support personnel. In the event there is a technical support issue with any of our UniFi subscribers; at the first level of troubleshooting, TM’s network operation centre (NOC) can immediately remotely diagnose the problem before sending a support team on-site.

TM takes note of the security concerns that have been raised, and we have taken these issues to heart.

TM also acknowledges that there is a need to balance the public’s level of comfort with regards to security and privacy and TM’s own commitment to faster support turnaround time. As such, TM would like to maintain the higher level of service enabled by remote access management on customer routers, and in recognition of that TM will immediately change  every UniFi customers’ router management password into a high security, unique one (which will be only known to the customer and TM). TM will notify all our Unifi customers of this change accordingly.

This is simply despicable and utterly unacceptable behaviour. Take heed and disable your remote access management accordingly.

You can do so by unticking remote management and if you have a firewall on it, block all the ports (TCP 22/23/80/8080/443) from WAN access.

Thanks to rizvanrp and everyone else who brought this issue to light.


  1. Aaron says:

    only affect TM users?

  2. Raymond says:

    Single password. They always have to do things without thinking first.

    Few years ago:
    Most Streamyx account password back then was tmnet123.
    When you know a person’s streamyx user name, you can most likely access to the TMOnline with tmnet123 as password and grab all the personal information such as IC number, home address, home land line number and etc.


  3. Robin says:

    In europe they would have been punished severely!!!
    Even after the admission they still want to keep the password in their hands, when and if the password is needed the user can give it “temporarily” to the technical support person, they have no good reason to keep it in their messy hands!

  4. Louis says:

    Reuben, GREAT INFO. Gonna get my Unifi soon. Thanks for the great info. I wann ask, can i use my own router instead of TMNETS 1?

    • Reuben says:

      Louis: You should be able to if you know the appropriate settings (which I don’t since I don’t have Unifi) but I think it’s best to let them install their router (I believe they use a D-link DIR-615 which is pretty decent router) and then disable the remote access management rather than confuse them, or worse they might refuse to give you support or blame your router.

  5. wilson ko says:


    Have anyone thinking of using our own equipment intsted of using theirs. now problem the have their own custom setting which did not allow us to use our own equipment. is there anybody would do a petition to complain abt it??? monopoly the internet service provider now wanted to force use to use their equipment. Maybe next step in the future force to buy their euipment too….. think abt it ?

  6. rizvanrp says:

    Hey Reuben D:

    Riz from LYN here.. *ex-bolehvpn user* hehe

    Thanks for posting this here. Just for clarification, TM hasn’t done anything at the moment except attempt to block the affected ports. Pretty useless solution and it prevents Unifi users from using their connections to host certain services.. and everyone is still at risk.

    Anyway, it’s already possible to use your own hardware with Unifi. I’ve uploaded the guides on my site — for those who are interested. It’s a compilation of everything we’ve discovered and discussed on the LYN forum’s broadband section over the past 2 months. There are some happy Unifi users using their own hardware with the service at the moment 🙂

    cheers D;

  7. Louis says:

    Riz, thanks for the clarification. When I get my unifi, I can use it in peace and no need to worry about TMNET or intrussion. Thanks again

  8. Chopsticks says:

    Too weird today i had to call up unifi because i was getting 3mb instead of 10mb. Traced my ip all the way to balikpapan indonesia :S.

    I called them up telling them the problem and the scary part was he asked if i changed the password to my router because they couldn’t access it. He finnaly got through now im just waiting for them to call back.
    I don’t know if my problem has anything to do with this article but somehow the password to my router was changed and not by unifi either so i guess as the article said anyone could log into the router….crazy shit.

  9. Geoffk says:

    But if you use your own hardware, what about the 4th channel on the DIR-615 that is dedicated to the TV channels? Can you program that into your own hardware too?

    I’m no expert in all this so maybe someone out there can clarify.


  10. rizvanrp says:


    My VLAN bridging guide does not affect that feature of the DIR-615. Since you’re just using the DIR-615 as a ‘pass through’ device.. you can keep your set top box plugged into it while your own router is plugged into another LAN port on the DIR-615.


    Scary indeed. Make sure you read the security guide and set up the passwords for your ‘admin’ and ‘operator’ account. Your router was most likely compromised by someone else if you and TM did not change the ‘operator’ account password.

  11. david says:

    i an considering using UNIFI – but replacing the WIFI router with a wired router. I want to reduce the amount of DNA-distorting radiation my family receive. Has anybody done this with UNIFI ? success? pain?
    thanks for interesting blog.

Leave a Reply

Your email address will not be published. Required fields are marked *