Security Holes Found in Alcatel ADSL Modems

Weak security in high-speed Asymmetric Digital Subscriber Line modems from Alcatel could allow hackers to shut down the devices, monitor data flows, and use them for cyberattacks, computer security experts say.

Affected systems are the Alcatel Speed Touch Home ADSL modem and the Alcatel 1000 ADSL Network Termination Device, researchers at the San Diego Supercomputer Center, a unit of the University of California at San Diego, say in a security advisory Tuesday. The Computer Emergency Response Team at Carnegie Mellon University also sent out an alert.

The affected modems are sold worldwide and are widely used in the United States as well as other countries.

The devices allow third-party log-on for servicing reasons, such as updating the firmware. Due to "weak authentication and access control policies," the function could be abused, CERT and SDSC say.

After gaining access a hacker could install malicious code on the modem, such as a network "sniffer" that monitors LAN traffic, SDSC says. The hacker could also use the modem in a distributed denial-of-service attack.

Alcatel is not impressed with the security alerts and says that SDSC was not able to access the modem without exploiting a security flaw unrelated to the Alcatel products.

To access the modem in three of the four cases described, the device must initially be fooled into thinking the traffic originated from the local network. To do that the attacker must use a system on the LAN side of the ADSL modem to relay traffic to the modem. That is done via the User Datagram Protocol echo service, which should be disabled.

"This is a general network security issue," says Karsten Verhaegen, business development director for ADSL modems at Alcatel. "We advise all users to install firewall software to protect themselves from issues like these."

In the fourth case described, the attacker needs to have physical access to the DSL wire.

Verhaegen further criticized the security probe.

"The Speed Touch Home and the ADSL Network Termination Device, a predecessor to the Speed Touch Home, are not designed for use in a LAN. We have a Speed Touch Pro with firewall for those professional environments," he says.

Nevertheless, another Alcatel spokesperson says the company's engineers are in contact with SDSC and CERT to determine what the problems are and, if there are problems, what to do about them.

Coauthor of the SDSC advisory is Tsutomu Shimomura, a well-known security researcher and coauthor of Takedown, on the arrest of hacker Kevin Mitnick.

Alcatel shipped 636,800 DSL modems in the fourth quarter of last year, making it market leader with a 34.9 percent share of the worldwide DSL modem market, according to researcher Dell'Oro Group.