Something odd happened today: According to the InControl log, InControl changed the settings on all the devices in a particular group of ours - and the only change (as far as I can tell) was to reset the router admin username back to the default “admin” (this group’s routers all have changed their admin name from the default). This all happened around 20:30 PDT June 3.
So:
- Did something happen at/with/to InControl about that time (my preferred scenario)?
- If not, then somewhere in our InControl account something got hacked, which brings me to the feature request: Is there some way to learn what changes were made when the log reports “changes applied”. For post-hoc analysis this would be very helpful (mostly in cases of troubleshooting generally, of course).
@zegor_mjol, we are rolling out the update on IC 2.7 today. Unfortunately, there is a glitch in the system that causing your reported behavior, this is much regretted.
Below are the details of the incident.
-
Affected Period:
04 June 2018, 03:17 - 04:20 GMT+0
-
Condition Triggered The Issue:
If [Device Web Admin Authentication] => Enabled
In [General] > [Admin User Password] => Device managed
-
Who Is Affected?
Only the devices you managed with above (item 2) mentioned settings
-
Action Taken:
IC2 Team fixed the bug immediately once they discovered on after upgraded to 2.7
IC2 Team has scanned and checked all devices in other organizations. Confirmed no other devices affected
2 Likes
Thanks for the update - it was a relief to learn that it was a glitch rather than somebody breaking in.
Made for a good security audit with some hardening of potential attack surfaces 
