After D-Link and TIME Internet, TM earlier today has finally released its official statement regarding the security issues within the DIR-850L router which was widely distributed among its UniFi customers. The company has confirmed that it is already looking into the issues that were highlighted in several security advisories that were published online since earlier this month.
Here is the statement, in full:
Telekom Malaysia Berhad (TM) is aware of the issue and would like to state that it has investigated the vulnerabilities of the router.
We wish to highlight that remote management function in the current D-Link DIR-850L router supplied by TM is disabled by default. In the meantime, customers who have enabled the remote management function are advised to disable it and use strong passwords for their Wi-Fi to minimize the risk of their device being compromised.
D-Link is expected to release a new firmware on 21 September 2017. However, following the release of the firmware, TM would need to perform full security and service testing to ensure the new firmware is compatible with all our services. The new firmware is expected to be officially released in 2 weeks’ time.
TM would like to emphasize that product security and customer privacy are important concerns to us. We continuously work towards mitigating any risk of potential harm and take the necessary steps to address evolving security issues and implement appropriate security measures.
As you can see above, there are indeed a number of interesting remark within TM’s statement. One of them is the fact that the remote management function is already turned off which should make the units that TM provide to its customers sounds a little bit safer although let’s not forget: there are still plenty of other issues within the router as per what have been highlighted by security researcher Pierre Kim.
Other than that, TM also points out that it need to analyze the new firmware which will be released by D-Link later this week. This open up to the question whether TM customers should download the new firmware that will be rolled out on 22 September (not 21 September as stated by TM) directly from D-Link or wait for further instructions from TM.
With that, we have reached out to TM in order to seek the answers for these additional questions. So, stay tuned.