I’m not sure where to begin but sometime this summer someone hacked my cellphone. This led to my computers being hacked. I thought that they were getting in through my Comcast router modem so I ordered a Pepwave Surf SOHO MK3 from the 3Gstore. Well, ever since then things have seemed to get worse.
I’ve spent many sleepless nights trying to figure out exactly how this hack works. It appears that both my cell phones and my computers have two profiles. I’ve discovered hidden partitions that somehow run concurrent with each other. Somehow my computers and phones are also running on a Cloud Server.
To be honest I’m not even sure that this forum is on the “real” internet.
The hackers are using DNS spoofing along with a whole bunch of other nasty software. They are using WiFi and Bluetooth along with cell phone signals.
Now regarding this surf Soho router, I registered it on incontrol 2 but discovered that whoever the hacker was hosted the control panel on their own server. So it appeared that I was making changes to my router but when the router reset it was receiving instructions from somewhere else.
Today for the first time I switched to a Netgear router and was able to bring up the in control page not the incontrol2 page. I tried to register my product on that page and it told me that it was already registered. I figured in that case I should be able to login to incontrol. When I tried it said that my email address was not on file. My Administration panel says that the firmware I have is 7.0.3 1206
I saw on here that someone mentioned that the same firmware controls yet a different router.
So what I firmly believe is my router is in fact registered on the original incontrol and every time I reset my router it is getting its programming information from there, so no matter what I do on incontrol 2 it doesn’t make any difference.
Through some testing on my laptop I found that the router is putting out two signals. One is open and one is password protected. So somehow my computers and cell phones are being exploited this way.
I own two companies and I’m more of a hot rod mechanic than a computer programmer. Over the last few months I’ve tried my best to educate myself on how all of this works but it’s a little bit above my pay grade. One thing I do well though is figure out how things work. I’ve found evidence to support my theory of the hackers cloning my phone and using it on the same account. It’s a real twisted mess but I’m going to need some help on how to get rid of these low-lifes. I know that I will never find them and God help them if I ever do. They may think what they’re doing is funny but I have a completely different opinion and I have very strong ideas about what should be done to them. I have spent my life building companies and being a useful member of society. They contribute absolutely nothing except ways to destroy people’s lives. If anyone can help me out please get in contact with me.
Hi John, I’m sorry to hear of your troubles. The same thing happened to me. I’m afraid I can’t offer you advice regarding internet security as I’m here for the same reason.
All I can say is when my phones were cloned and mirror accounts were made on my computer, the virus was hardware related because I got new SIM cards, removed hard drives, reset router to factory settings and they were still there.
I had to dispose of my phones and laptop because a hardware or BIOS virus is basically impossible to remove.
I hope you find a remedy here.
Call me paranoid but I was reading about router firmware vulnerabilities back in 2016 that led me to dumping my old spares and upgrading to new supported models. And my own modem.
IoT = a hacker’s dream and I doubt security will ever be the forethought and get the attention and resources it needs.
Are you using VPN on your phone(s)? Have a backup spare?
There’s no perfect defense probably. Sales of Xanax are up!
Well it appears I am a victim of the dark net… dark web… or whatever it’s called.
Basically a world of losers and criminals that couldn’t “hack” it in the real world so they decide it’s easier to steal from honest hard working people. People that have convinced themselves that what they are doing is somehow morally acceptable. That they have a right to what we earn because we are too stupid to protect it. They are cowards that hide behind keyboards. They would never actually break into my house because if they did, they would quickly have a .44 slug embedded into their brain. I’m going to get rid of this Pepwave router because it is riddled with security flaws. In all honesty, a 2-year-old could break into this router.
Time to get these lowlife criminals removed from my world.
I have news for you… read my new post. This router has a serious security flaw. It uses firmware that is controllable from both the incontrol and incontrol2 dashboard. Plus you can host your own dashboard on your own server. So I can register your serial number on one to control it and then host a control dashboard on a dummy server to make you think you’re controlling it. I’ll bet you that every single person having issues with the changes they make on their incontrol account not taking effect on their router is hacked using the same methods as me… SERIOUS SECURITY FLAW!!!
They need to isolate the firmware and not have firmware that is controllable from both dashboards.
On routersecurity.org it mentions an attacker registering a device on incontrol (excerpt below); however, you can disable incontrol on the device itself: in the local settings you can disable “incontrol management”. Surely this isn’t overridden if an attacker registers the serial on incontrol?
So if you are an end user and just have one or two devices and don’t want/need to use incontrol then you can just disable this option locally in the config. I suppose the bigger question is: can this be remotely overridden and re-enabled?
From the site
“There is a hidden danger to the fact that bad guys can learn the router serial number - they can register the router with Peplink’s remote control service, InControl2 - if the router has not already been registered. So, 3Gstore suggests, that even if you are not using InControl 2, you should create an account and register your Peplink router for the sole purpose of preventing a bad guy from registering it. Routers registered with the InControl 2 service can be remotely controlled.”
I’m really trying to wrap my head around this. So first I would have to download a clean copy of the firmware. Then buy another computer that has never touched my network. Plug the router in and install the clean firmware. In theory this may work except that the router starts with the Wi-Fi active. This would leave the new clean PC vulnerable until I had a chance to load the new firmware.
Like I said in a previous post, the firmware that is in the unit right now instructs the unit to fire up with both the 2g and 5g bands enabled. Yes, that is after a factory reset. I discovered that the 2g is started password protected and the 5g is open. I’m pretty sure that this would give enough time for whatever this virus is to reinfect giving the hacker yet again, control.
I also have another question…
This router has the ability to hold 2 firmwares. What are the possibilities that a hacker could swap between the two?
I’m willing to try anything but I want to make sure it works. I’m getting really tired of throwing more brand new equipment into the junk pile.
What I would do is this. Ideally, it sounds like you need some help, perhaps from a partner local to you; has the local supplier you got the Peplink from been able to help?
1: Not on your connection but on another, clean machine that’s not linked to your setup, download the latest firmware and the version before it.
2: Take your router here and factory reset it.
3: With a LAN-side connection only, hop onto it and upgrade the firmware with the older version of the two you downloaded.
4: It will reboot; once back, put on the new, latest firmware of the two you downloaded (this will wipe out any corrupted firmware on the unit in its 2 slots).
5: Immediately disable incontrol admin in the config; this will stop incontrol seeing the device is online or being able to remotely access it.
6: Configure the unit as you need, set a strong admin password and change the default admin username as well (good practice anyway).
7: Use a different WiFi SSID and PSK, and set a strong, complex passkey on WPA2 only.
8: Enable DDoS protection in advanced/firewall and disable all inbound connections.
These steps should get your router back into your control. In terms of your infected devices I can’t really advise, but an IT specialist will be able to help you with those.
Yup the Surf SOHO can be configured before ever going online as suggested by RouterSecurity.org. After securing the router you can perform the firmware update, etc. Staying one step ahead of the bad guys is a challenge. The link below has a configuration guide for the Surf SOHO that should prove valuable.