Serious security flaw!

So I called pepwave today and told them my theory about someone using the incontrol dashboard to control my router because the firmware installed on my mk3 and supposed to be controllable from the incontrol2 dashboard but it is also controlled from the incontrol 1 dashboard. The hackers registered my serial # with incontrol (1) and they are hosting an incontrol 2 dashboard on a dummy server. Ooops. Just a small oversight. This thing just let the hackers waltz right into my home. I’m not even a computer guy and I figured this out.

Well I guess it’s time to throw this thing in the garbage along with all of my phones and computers. Thanks Peplink/Pepwave for helping facilitate these criminals.


Hi John,

Have you tried a factory reset and reconfigure the unit offline (ie: LAN connection only no WAN connectivity at all so incontrol cannot reach it)
in the default settings under “system” go to the incontrol section and untick “allow incontrol management” then put back all of your regular (own) config on and test?

1 Like

Thank you for your response. The only problem with that is every time I
power the unit on the Wi-Fi comes on. Therefore that gives I’m guessing my
cell phone enough time to connect to it and reroute any inquiry I do on my

I’m telling you I spent six months investigating how this hack worked. My
Google account shows two of the same exact phones on my account. They’re
using a loop-back to make my phone act as its own server along with other
devices that I have in the house. This thing is so vicious and
technologically advanced it’s ridiculous.

Besides even if I do that all they have to do is going to the in control
One account and reset the device from there.

I tried to go on both of my browsers on my phone to submit a support ticket
tonight and it refused to go and it said an error occurred between my
browser and the peplink server.

So tomorrow I am going to get on a clean computer so that I can submit a
ticket along with creating a email account that I will not check on my
infected devices.

This too will probably not work but I’m willing to give it a shot so that I
can get my damn life back.

I would try what I mentioned above. If you can factory reset the Peplink, take it round a friends who has a laptop/PC where you can connect an Ethernet cable to it and configure it from scratch disabling the incontrol access.

If your phone is infected and has the ability to connect to the default wifi SSID after factory reset (which seems unlikely) then you can disable this on reconfiguration first thing, I would leave your mobile device behind if you believe its infected.

1 Like