AT&T Router Device Access Settings Still Visible


#1

Hello,

I bought the Koalasafe Router 2 weeks ago and I think it is amazing. Unfortunately I’ve run into a bit of a problem.

I am using AT&T internet service and an AT&T provided router. When I log onto my 16 year old’s Koalasafe profile and use it in Homework Mode, I realized that I can still access the device settings for the AT&T router through the Koalasafe router at the following address:

http://192.168.1.254/

This address leads to the device settings and on the device settings page it shows the password to the main AT&T Router in plain sight. Obviously this wholly defeats the purpose of our Koalasafe because my 16 year old can see the password for the AT&T Router and use it to completely avoid the Koalasafe router. I tried to manually block this address in the Koalasafe app but when I try to block it, I get the following message:

http://192.168.1.254/ is not a valid domain(400)”.

I cannot find any other way to block access to the AT&T device settings to keep him from seeing and using the password to the AT&T router. Is there a solution to this problem?

Thanks


#2

Hi @Svc641,

That seems like a terrible oversight by AT&T!
I’ll have a look into what can be done from our end and get back to you.

Adam


#3

Yeah, I would say so. I did seem to find a solution last night after searching the internet. I used MAC filtering on the AT&T Router. It took me a while to get it to work and to figure out I had to disable WPS on the AT&T router to enable MAC filtering. He can still see the password but the router won’t let him access it on his device. In the meantime, it was really quite comical because I would keep changing the ATT router password while I was in bed a invariably our teenager would venture out of his room, down into the basement to look at the IP address on the router so he could access the device screen. This went on for 2 hours or more because I just kept changing the password every time he would figure out the new one! But he couldn’t say much about it because he didn’t know we had identified the weak point in the system he was exploiting. He must have been awfully frustrated for those 2 hours! Although still probably not as frustrated as he’s going to be when i have physically secured the router so he can’t get to it! Anyway, I am still going to have to lock up the ATT router because the factory reset button will wipe out the MAC filtering and reset the ATT router to defaults. This problem was/is a huge hole in security for both the ATT router and the Koalasafe system. It’s so easy to circumvent the Koalasafe router with a simple reset of the ATT router. I’m going to go put a lock on the door to the router room right now!


#4

Hi @Svc641,

All devices on your KoalaSafe should not have access to the At&T portal anymore.

Any other At&T users who face this issue, please contact support and we can manually configure your device

Thanks
Adam


#5

Wow that was fast! Thank you so much! Like really, thank you!


#6

Fantastic- just researching whether to purchase, and was concerned about this loophole. To clarify- blocking the kids device from the primary router using mac filter will still allow access thru the Koala router. Now- if only there were a couple ethernet ports on the koala, so the gaming computers didn’t have access to the passwords… hint hint.