Does an ISP have admin access to your modem/router?

I use a Zyxel P-660HN-T1A modem/residential gateway to connect to my home ADSL subscription.

I called my ISP today to inquire about upgrading to a faster broadband package. For some reason, my call was misinterpreted as a downstream speed complaint and my call was forwarded to a technician who carried out a BER test.

After doing this (and verifying that there were no issues), he mentioned the presence of 2 devices connected via WIFI and wanted to know if I knew about this as they might be downloading data unbeknownst to me. Of course, I was shocked at this.

Furthermore, he went on to suggest that I should secure my WLAN with a passphrase. I have unprotected WIFI for reasons of my own.

My obvious question: How did the tech support agent attain this information? Should we assume that the ISP has admin access to the device and is essentially on the local network at all times, despite me changing all default logins long ago (including the telnet login credentials)?

Please advise a concerned user.

Solution 1:

The modem you have allows remote management via TR-069, which could allow access to the information mentioned.

Solution 2:

Did the ISP provide the router? If yes, then it is their equipment, why wouldn't they have access. I know for certain, that Comcast and other ISPs have access to the routers they provide.

If you are paranoid, you should set the ISP provided equipment to act as a bridge, and get your own router.

Solution 3:

It's common for ISPs to have full access to the CPE.
This is usually the "modem" and anything integrated into that device.

If you don't trust them for any reason I strongly suggest limiting the functions provided by the "modem" and attaching whatever equipment you supply to it (eg, modem plugged into a WiFi router).