«
»

Rogers Injecting “Friendly Reminders” Into Web Pages I Surf To…WTF?

Rogers has been off my radar screen for a while now and I even suggested in my year end review that they might have changed their ways.

I spoke too soon.

Tonight I got home and wanted to surf to a few websites to unwind. That’s when I got a browser Javascript injection from Rogers in my web browser alerting me that my modem+router combo from them is using the default wireless password and that I should change it. Here’s a picture of the message that I got. Click the image to see it in full size:

ss+(2016-01-13+at+10.25.54)

Here’s the stupid part of this whole thing. Actually two of them:

  1. My modem is actually in bridge mode, so the WiFi router part is not even being used. If you want to know how I did that, click here.
  2. Each of the Rogers modems has a unique WiFi password (printed on a label on the modem). So it’s not that insecure as you would need physical access to the modem to get the password.

Thus there’s no reason for me to get this message.

WTF?

Another thing that really bothers me is this line from the message that I received:

“Our installation records show that you did not change the default settings for the Wi-Fi network name and password for your Rogers Internet modem.”

So does that mean that Rogers is keeping track of the changes that I make to the modem from a WiFi name and password perspective? That’s very Big Brother like if that’s the case and does little to give me the warm fuzzies. I know that Rogers does have the ability to access the remotely, as I had a reader of this blog reach out to me in regards to his modem+router being accessed by a Rogers employee in a way that made him feel uncomfortable (though to be fair, Rogers did look into it when I posted the story…. though the reader still wasn’t thrilled with the results of that investigation). Thus Rogers keeping track of if I change the modem+router settings may not be a stretch.

Back to the method of injecting this message into my browser via Javascript. That smells of their attempts to alter web page content back in 2008. It was distasteful then, and it is distasteful now, not to mention that it really paints Rogers in a negative light. Not to mention that this is a popular attack vector for hackers.

Now I get why Rogers might want to do this as they’re trying to help their users. But this message, the way that it is worded, and how this message is being delivered to me does little to make me think that Rogers is trying to do the right thing. Now I know that Rogers will read this post and send me some sort of statement to put some spin on this as that’s what tends to happen whenever I write something negative about Rogers. I can’t wait to see how they explain this and when they do, I’ll tell you about it.

 

This entry was posted on January 13, 2016 at 9:55 pm and is filed under Commentary with tags . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

5 Responses to “Rogers Injecting “Friendly Reminders” Into Web Pages I Surf To…WTF?”

  1. Corey Says:
    January 14, 2016 at 9:21 pm

    I got the same message tonight, in the same situation – modem in bridge mode, connected to a separate router. I complete agree with you: no matter their intent, this is a little creepy for Rogers to be doing. Besides, if they can tell my modem’s default password hasn’t been changed, should they not also be able to tell that it’s in bridge mode and not using the router functions?

    Reply
    • itnerd Says:
      January 15, 2016 at 12:43 pm

      You’d think that’s the case. It on the list of things that I want to ask Rogers. But they haven’t reached out to me and they usually do that when I write something negative about them. I guess that the blow back from this is irrelevant to them.

      Reply
  2. Dave Says:
    January 15, 2016 at 3:40 am

    Same story. Modem is in bridged mode, connected to my own router. Definitely leaves me feeling squeamish to think that they’re tracking username/password.

    Reply
  3. gabzox Says:
    May 2, 2017 at 7:03 pm

    I dont get the issue. Yes injections can be uaed for malicious purposes but is not malicious by nature. It doesnt make your system less safe. They could have redirected you to a completely different page which maybe they should have since your fearf.

    As for pass checking lots of companies do now. They check the hashed version and compare it with their hashed version if its the same its the default. Its popular and its to protect people otherwise people blame the companies for not doing what they can

    Reply

Leave a Reply to DaveCancel reply

Discover more from The IT Nerd

Subscribe now to keep reading and get access to the full archive.

Continue reading