Security holes found in Alcatel ADSL modems

Weak security in high-speed ADSL (Asymmetric Digital Subscriber Line) modems from Alcatel SA could allow hackers to shut down the device, monitor data flows, and use it for cyber attacks, computer security experts said.

Affected systems are the Alcatel Speed Touch Home ADSL modem and the Alcatel 1000 ADSL Network Termination Device, researchers at the San Diego Supercomputer Center (SDSC) , a unit of the University of California at San Diego, said in a security advisory (http://security.sdsc.edu/self-help/alcatel/alcatel-bugs) Tuesday. The Computer Emergency Response Team (CERT) at Carnegie Mellon University also sent out an alert (http://www.cert.org/advisories/CA-2001-08.html).

The affected modems are sold worldwide and are widely used in the U.S. as well as other countries.

The devices allow third-party logon for servicing reasons, such as updating the firmware. Due to "weak authentication and access control policies" the function could be abused, CERT and SDSC said.

After gaining access a hacker could install malicious code on the modem, such as a network "sniffer" that monitors LAN traffic, SDSC said. The hacker could also use the modem in a DDoS (Distributed Denial of Service) attack.

Alcatel is not impressed with the security alerts, saying that the SDSC was not able to access the modem without exploiting a security flaw unrelated to the Alcatel modems.

To access the modem in three of the four cases described the device must initially be fooled into thinking the traffic originated from the local network. To do this the attacker must use a system on the LAN side of the ADSL modem to relay traffic to the modem. This is done via the UDP (User Datagram Protocol) echo service, which should be disabled.

"This is a general network security issue," said Karsten Verhaegen, business development director for ADSL modems at Alcatel. "We advise all users to install firewall software to protect themselves from issues like these."

In the fourth case described the attacker needs to have physical access to the DSL wire.

Verhaegen further criticized the security probe.

"The Speed Touch Home and the ADSL Network Termination Device, a predecessor to the Speed Touch Home, are not designed for use in a LAN. We have a Speed Touch Pro with firewall for those professional environments," he said.

Nevertheless, another Alcatel spokesman said the company's engineers are in contact with SDSC and CERT to determine what the problems are and, if there are problems, what to do about them.

Co-author of the SDSC advisory is Tsutomu Shimomura, a well-known security researcher and co-author of "Takedown," on the arrest of hacker Kevin Mitnick.

Alcatel shipped 636,800 DSL modems in the fourth quarter of last year, making it market leader with a 34.9 percent share of the worldwide DSL modem market, according to researcher Dell'Oro Group Inc.

Join the newsletter!

Error: Please check your email address.

More about Alcatel-LucentCarnegie Mellon University AustraliaCERT AustraliaComputer Emergency Response TeamDell'OroMellon

Show Comments