SecuReporter Report via download link? - Spam or valid?

USG_User
USG_User Posts: 374  Master Member
5 Answers First Comment Friend Collector Sixth Anniversary
edited January 2023 in Security
Presently we're commissioning our USG700Flex in "on premise" mode. The USG is not yet in production system and most of the time still switched off.
SecuReporter is also not activated.

Today we've received an email
from: <do-not-reply@secureporter.cloudcnm.zyxel.com>
subject: SecuReporter Schedule Report (Organization: our company name , Device: USG700Flex ,2023-01-08 - 2023-01-15)

content:
______________________________________
Dear User:

Please download SecuReport Report file with this Download Link
Organization: our company name
Device: USG700Flex
Period: 2023-01-08 - 2023-01-15
Report Type: Weekly

P.S. The download link will be expired after 7 days.

Sincerely
SecuReporter Team
_______________________________________

The link within this mail leads to:

We are a little bit confused. Is this spam or a real report? Why do we get such a report while we didn't activate SecuReporter? Why the download link doesn't contain a Zyxel mail domain but official-reports-eu-west-1.s3.amazonaws.com for downloading any reports?

We didn't klick on this suspicious link.


All Replies

  • WJS
    WJS Posts: 155  Master Member
    5 Answers First Comment Friend Collector Second Anniversary
    My download link is almost like this. 
    And I suppose that you have claimed the device or you will not have Organization and device information in mail.

  • USG_User
    USG_User Posts: 374  Master Member
    5 Answers First Comment Friend Collector Sixth Anniversary
    Yes, the device is registered and the mail contains our real Company name, which I have removed for this post.
    Nevertheless SecuReporter has not been activated or registered or whatever, and that's why we're confused about it.
  • Well, I help many folks here. 
    This link will lead you to download a local pdf file, which will open in your default browser.

    You may not have registered or not registered your firewall on Zyxel portal.
    You may not have enabled SecuReporter option in your Zyxel firewall.
    This report comes to you by default.

    The only different difference between registered devices and unregistered devices is the "name of the device in the link"
    Because Nebula Control Center (NCC) and Cloud Reporting Tool (SecuReporter) are hosted on AWS, the link will always carry "https://official-reports-<b>eu-west-1.s3.amazonaws.com</b>"
    The noticeable difference will be:
    • Unregistered devices will carry Product name, ie. your case USGflex_700
    • Registered devices will NOT carry product name. 

     Regards
    Kinshuk Joshii
  • kinshuk
    kinshuk Posts: 2
    First Comment
    edited January 2023
    Well, I help many folks here. 
    This link will lead you to download a local pdf file, which will open in your default browser.

    You may not have registered or not registered your firewall on Zyxel portal.
    You may not have enabled SecuReporter option in your Zyxel firewall.
    This report comes to you by default.

    The only different difference between registered devices and unregistered devices is the "name of the device in the link"
    Because Nebula Control Center (NCC) and Cloud Reporting Tool (SecuReporter) are hosted on AWS, the link will always carry "https://official-reports-<b>eu-west-1.s3.amazonaws.com</b>"
    The noticeable difference will be:
    • Unregistered devices will carry Product name, ie. your case USGflex_700
    • Registered devices will NOT carry product name. 

     Regards
    Kinshuk Joshii
  • Zyxel_Kevin
    Zyxel_Kevin Posts: 885  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments
    edited January 2023
    Hi @USG_User
    If your device have been claimed and enabled Report settings. 
    Regardless you have enable feature in firewall, the report will be sent 


    If still have concerns. Please provide your SecuReporter settings by private message.
    Thank you
    Kevin
  • USG_User
    USG_User Posts: 374  Master Member
    5 Answers First Comment Friend Collector Sixth Anniversary
    Hi Kevin,
    Of cource, since we've purchased an USG Flex 700 with licence bundle, the SecuReporter service has automatically activated and is showing "activated" in CONFIGURATION > LICENSING > REGISTRATION.

    But in CONFIGURATION > MGMT & ANALYTICS, SecuManager and SecuReporter are both disabled. That's why such reports should not be generated and sent, even if they are empty reports only!

    By the way, the EU GDPR requires in Chapter II, Principles, Acticle 5, 1. (c):
    "adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ('data minimisation');"     :)

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 885  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments
    Hi @USG_User
    In CONFIGURATION > MGMT & ANALYTICS, SecuManager and SecuReporter, just a switch to determine whether to send the data out.
    To stop receive report, please navigate to SecuReporter settings and disable the report settings.


    Or if you don't want to use SecuReporter, please remove the device from Org. 
    (Organization & Device -> Delete this device)
    Thank you
    Kevin
  • USG_User
    USG_User Posts: 374  Master Member
    5 Answers First Comment Friend Collector Sixth Anniversary
    edited January 2023
    Hi Kevin,
    thanks a lot for your quick reply. But I'm not sure where to switch-off the report sending. I assume this has to be set at the internet at portal.myZyxel.com, isn't it?

    But to reach the report-sending-switches from your screenshot above, I have to change the application from standard myZyxel screen to SecuReporter screen. But when doing this the following screen appears:


    This means to me, that I firstly have to grant SecuReporter additional access rights to personal information in order to stop any SecuReporter activities?
    If SecuReporter firstly needs additional access to (email) information, why it is able to send reports right now?

    Your general procedure in this regard is not in good order. When a customer is purchasing the device with full bundle licence package, it doesn't mean automatically that all service will be used. But Zyxel is activating them all on first registration of the device.
    And especially services like SecuReporter should never send/retrieve any data from/to a device. That means that data, including IP addresses may be transmitted to outside Europe, which is prohibited without signing additional data processing agreements as per GDPR. I have a problem with such behaviour.
  • Zyxel_Kevin
    Zyxel_Kevin Posts: 885  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments
    Hi @USG_User
    As private messages mentioned, you have disable it. 
    For GDPR concern, please find "GDRP conformity on SecuReporter" article.

    Thank you

Security Highlight