Dear Mauritius Telecom,

I have been a pretty happy customer of your company for several years now. Besides the phone line, I also had the ADSL 512, which got upgraded to ADSL 1M, and I now have Fiber at Home. I am satisfied with the speed bumps, with the bonus that I was upgraded automatically and thus at no extra fee to my subscription. For that, a very low bow of thanks. Furthermore, your FTTH landing page said that Fiber would be deployed in 2018 in L’Escalier, but I got it in August ’17. 🙂

But the same Fiber deployment, widely accepted by the public as an ouf de soulagement, is now raising some eyebrows regarding the security flaws detected in the routers. You may have heard or read about them, but for the record I’ll link them below:


It’s been a long time since I last posted to my blog, and this one will be a short post.

So, as the title says, this post is about some security flaws, as we can call them, in the new FTTH modems deployed by MT in its fiber coverage project. I stumbled across them through a podcast by, a Mauritian group with technical abilities working towards Internet Security and Awareness. You can watch it here.

The modems are from Huawei, precisely Huawei HG8245H.

Apart from the default username and password given to all modems (the telecomadmin thing), it seems that the telnet connection has a default password too.

Telnet, in simple words, is an unencrypted command-line interface you use to connect to a device and communicate with it to get information, set parameters and the like.

So, apart from the usual Web Interface, the geeks and tech enthusiasts out there can connect to the modem and configure it from the command line, using Terminal on Linux/Unix boxes or PuTTY on Windows machines. But not only you: anybody on your network can do it, and, if clever enough, people from outside your network too.

Well, I will not enumerate the endless things that ill-intentioned people can do with your modem under their command. DO NOT FORGET THAT YOUR TELEPHONE LINE IS NOW CONNECTED DIRECTLY TO YOUR MODEM (understand unsolicited premium international calls or 303-Bolom-Noel calls [did many of those long ago 😛]). To save you from mishaps:

  • First, change the default login password to the Web User interface by going to . Login and navigate to System Tools > Modify Login Password and set a hard-to-guess-easy-to-remember password. (Please do not forget or lose it, as it may be a hassle to get it back. Plus, you will need it when MT guys show up for some repair or service.)
  • Next, disable the telnet service by moving to Security > ONT Access Control Configuration and UNTICK the ENABLE THE LAN-SIDE PC TO ACCESS THE ONT THROUGH TELNET.
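
To confirm that the telnet setting above actually took effect, you can probe port 23 on your own modem from a PC on your LAN. This is an added example, not part of the original post; the function name `probe_telnet` is hypothetical, and the modem address is passed in by you because the post does not give it. After unticking the option, the expected result is `closed`.

```python
import socket
import sys

IAC = 0xFF  # Telnet "Interpret As Command" byte (RFC 854); servers usually open with it


def probe_telnet(host, port=23, timeout=3.0):
    """Classify host:port as 'closed', 'open-telnet' or 'open-other'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        # Connection refused, filtered or host unreachable
        return "closed"
    with sock:
        sock.settimeout(timeout)
        try:
            banner = sock.recv(64)  # first bytes the service sends, if any
        except OSError:
            banner = b""  # port is open but the service stayed silent
    # A telnet daemon normally starts with option negotiation (IAC ...)
    # or goes straight to a "Login:" / "login:" prompt.
    if banner and (banner[0] == IAC or b"ogin" in banner):
        return "open-telnet"
    return "open-other"


if __name__ == "__main__":
    # The address is an assumption supplied by the reader: use your own modem's LAN address.
    if len(sys.argv) != 2:
        sys.exit("usage: check_ont_telnet.py <address-of-your-own-ONT>")
    state = probe_telnet(sys.argv[1])
    print(f"{sys.argv[1]}:23 -> {state}")
    sys.exit(0 if state == "closed" else 1)
```
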

Those are not all of the vulnerabilities, but this should get you started on being better protected.

I wrote an open letter to Mauritius Telecom with solutions on how to counter the flaws. You can read it here:

That’s it for now, friends. More blog posts with awesome stuff coming soon!!

By the way, I really like the FTTH service by MT, the step taken to provide better Internet Connectivity. Not enough but good leap forward. Thanks MT

Brief Update #1 – 17 Oct 17 – 00:00 GMT+4

There are two accounts (or maybe more) on the routers provided by MT: one with the username root and the other telecomadmin. The root one is just a customer User Interface with limited options, but the telecomadmin one has the features mentioned above. So make sure you get both of their passwords secured.


Till then,




Following a Parliamentary Question [1] to the Prime Minister of Mauritius on Tuesday 19 April 2016 by an Opposition member, widespread interest arose about telephone tapping in the country, especially after what the Opposition member described as a van lurking around the houses of opposition members in order to listen to conversations. Days later, a weekly newspaper published a 3-page article [2] on phone tapping in Mauritius and mentioned an IMSI-Catcher, which is basically a device that spoofs your mobile telephony provider’s Base Transceiver Station (in a nutshell, the base that connects your mobile phone to the telephony network) and acts as a middle-man between your device and the provider’s network, thus capturing all of your communications. Out of my usual curiosity, I wanted to know more about it and clarify some doubts I had. I knew about the IMSI-Catcher technique and remembered an article by a hacker by the name of Simone Margaritelli, who once assembled a relatively cheap bench rogue-BTS using a Raspberry Pi [3] that, if tweaked, could be used for that same purpose: intercepting communications. I contacted him and he very kindly agreed to reply to my questions.


Devices are everywhere, from around our wrists to inside our pockets to huge server farms. Those feats of engineering excellence are roughly metal structures with electronic components and, inside them, one of the intangible marvels of the human mind: the Software, those pieces of code that make sense of everything. People either take writing that code as their job or as their hobby; but when the two are mixed, great stuff happens!

Usually, important software and applications are written by several programmers from one specific company or by developers around the globe contributing to the same project. One of the latter is Logananden Velvindron, a Mauritian coder (about whom I wrote some time back). He has helped to fix bugs on critical systems and written improvements to existing software. The great news is that sometimes his improvements are deployed on production servers and systems from famous companies like Google! The latest to date is from CISCO, which implemented an updated version of ntp which happens to contain Logan’s code. On that occasion, I paid Logan the usual virtual visit and got a little word from him. 🙂


Following articles on major Technology websites [1] about the Find my phone feature from Google, I decided to give it a try. The articles mentioned that typing “Find my phone” in Google Search shows the location of your phone. Mine did not show anything interesting, as I had disabled all location services on my phone. Well, they say that for everything you want, you simply Google it. So, if your phone is lost, just.. Google.. it! lol

This article will be quite a short one and different from previous ones.
