Alcatel ADSL Modem vulnerabilities

Don Davis dtd at world.std.com
Tue Apr 17 22:33:40 EDT 2001


Summary:

Researchers associated with the San Diego Supercomputer
Center at the University of California, San Diego have
identified multiple implementation flaws in the Alcatel
Speed Touch ADSL "modem" (actually an ADSL-Ethernet
router/bridge). These flaws can allow an intruder to
take complete control of the device, including changing
its configuration, uploading new firmware, and disrupting
the communications between the telephone central office
providing ADSL service and the device.

These flaws allow the following malicious actions:

  * changing the device's configuration such that the
    device can no longer be accessed;
  * disabling the device, either temporarily or
    permanently (requiring return of the device to
    the manufacturer); and
  * installing malicious code, such as a network
    sniffer to gather local LAN traffic (that is not
    being bridged), and making the box more easily/covertly
    remotely accessible.

One of the more interesting discoveries was a cryptographic
challenge-response back door that completely bypasses any
password that a user may have set on the device.

All testing to date has been done in LLC/SNAP bridge mode.
Routing mode was not tested. There may be other flaws that
are easier to exploit in that mode.

(Speed Touch is a trademark of Alcatel.)

http://security.sdsc.edu/self-help/alcatel/alcatel-bugs.html





---------------------------------------------------------------------
The Cryptography Mailing List