Thousands of modems potentially unsafe as Melita resets password to ‘password’

NEWZ.mt has found a severe security issue in Melita modems, as the provider regularly resets their admin login to factory settings

If you’re a consumer with average IT skills, you’ve most probably never heard of it:

When you’re connected to your Melita home internet, you can easily access your modem’s settings by simply typing 192.168.0.1 in your browser’s address bar.

This browser interface allows users to not only change their networks’ names and passwords, but also numerous sensitive security features.

By default, the login credentials to this interface are ‘admin’ and ‘password’, which ideally should be changed upon first installation to ensure better network security.

In the case of Melita’s ARRIS modems, however, even manually set credentials are regularly reset by the provider – while other manual settings including custom Wi-Fi names and passwords remain the same.

ARRIS admin interface at 192.168.0.1

This is of particular concern since any proficient user with access to your home internet, unless you provide them with the available separate guest Wi-Fi, can access 192.168.0.1 too.

Another cause for concern is that hundreds of small businesses across Malta and Gozo are in fact using Melita home internet to provide Wi-Fi to their customers directly from their Melita modems.

If you’re reading this article while connected to the internet at your favourite little café, chances are good you would be able to take over their modem for a while. Legal advice: Don’t!

Melita has claimed it has no solution to the problem, and that clients could always change usernames and passwords, however “from time to time it will be set [to] default if the modem is reset”.

Update 1 August | The internet service provider said it “firmly rejects any claims” on unsafe modems in an evasive reaction issued on Wednesday evening.

Cover Image: Freepik