‘Ziggo’ ISP Scared Customers With Spammy Security Notice

By Bill Toulas / August 13, 2020

The ‘Ziggo’ ISP (internet service provider) in the Netherlands has engaged in some scare tactics with its customers, sending emails that looked like phishing at first sight. The ISP’s purpose was to inform its clients of a security vulnerability affecting a specific device that they sell to their customers, the TP-Link-based “WiFiBooster Ziggo C7.”

This is a very popular device among Ziggo subscribers, as it helps extend or strengthen WiFi signals and network coverage on home networks.

ziggo c7

Source: Ziggo

The problem with the particular device is that it comes with weak credentials by default, so a hacker could easily brute-force them and take over control of the network. Even a botnet with hard-coded credentials could do it, so users needed to change the password to something non-guessable.

This should have been advised during the purchase or via a note in the box (like TP-Link does). Ziggo could have even urged the user to change the password during the installation of the device since the ISP is using custom firmware anyway. Somehow, Ziggo missed all of these opportunities and then tried to save the day via email.

The message, as translated by Malwarebytes in English, was saying the following:

Dear Mister ####,

To keep our network safe, experts are looking for weak spots. Unfortunately, such a weakness was found in the Wifibooster Ziggo C7. You can recognize the device by the ‘C7’ mark at the bottom. This email is about this device and this type only.

Do you indeed use the Wifibooster Ziggo C7? In that case, change the default settings in your personal settings to keep your device safe. Below we will explain how.

Urging the recipient to follow a link to access instructions on how to change their WiFi device password sounds like phishing, right? Ziggo should have included these instructions right on the email message, but this wasn’t even their only mistake.

The ISP actually sent the above email to all of its subscribers, not only those who had bought the Wifibooster Ziggo C7. So, this is basically spamming as well. And thirdly, Ziggo preferred not to give away many details about the actual threat, which makes the message suspiciously generic. Instead, they could have published a security advisory for the product, detailing the security risks, and offering mitigating steps.

Ziggo is one of those ISPs who stand behind its subscribers’ privacy rights, denying anti-piracy groups its client identification details. The company is also quite active when it comes to proactively evaluating its products’ security, which is what happened in this case. However, their approach when it comes to informing their customers of a security risk suffers, and it’s an example for everyone else of how not to do things.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari