Security warning for all FRITZ!Box users registered with the MyFRITZ! service


AVM, the producer of the well-known home router FRITZ!Box, has issued a security advisory and contacted all users of the cloud service MyFRITZ! to warn them about potential fraudulent use of telephone services connecting through FRITZ!Box routers.




According to AVM, it appears that attackers are connecting to the router on the external interface and somehow gaining administrative access. Such an attack is only possible if the attacker knows the precise combination of e-mail address or FRITZ!Box username, FRITZ!Box IP address, and the passwords for remote access and the FRITZ!Box interface. All these are available in the MyFRITZ! cloud service. With this information, the attackers are able to add an expensive VoIP provider and set it as the default service for telephony. This way, any phone call made through the AVM router would be made through the expensive VoIP provider.

AVM says that it is possible that these attacks are linked to the theft of 16 million digital identities that was recently announced by the German Federal Office for Information Security (BSI).

AVM also advises users to change the password of the email address registered in the Push service.

Seeing this advice, I can’t stop thinking that it might be possible that the MyFRITZ! cloud service was hacked and the user data compromised. I guess we will know this after AVM finishes their investigations.


Here is how to make sure that you are not a victim and how to avoid becoming one:

Checking telephony devices and deleting unknown IP telephones

Delete any unknown IP telephones to make sure that they cannot be used to make fraudulent calls:

  1. Click “Telephony” in the FRITZ!Box user interface.
  2. Click “Telephony Devices” in the “Telephony” menu.
  3. You can recognize IP telephones because “LAN/WLAN” will be displayed in the “Connection” or “Port” column for that telephone. Click the corresponding “Delete” button to delete any IP telephones you are not familiar with.


Deleting call diversions to unknown telephone numbers and disabling call through

  1. Click “Telephony” in the FRITZ!Box user interface.
  2. Click “Call Handling” in the “Telephony” menu.
  3. Switch to the “Call Diversion” tab and delete all entries that divert calls to international numbers you are not familiar with.
  4. Switch to the “Call Through” tab and disable the option “Enable call through”.
  5. Click “Apply” to save your settings.

More details are available on the AVM website.

Sorin Mustaca

IT Security Expert


from Avira – TechBlog

© Copyright Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity


About the Author

Sorin Mustaca
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, has been working in the IT security industry for over 20 years and worked for Avira between 2003 and 2014 as Product Manager for the known products used by over 100 million users world-wide. Today he is CEO and owner of Endpoint Cybersecurity GmbH, focusing on cybersecurity, secure software development and security for IoT and Automotive. He also runs his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security.