Alcatel ADSL Modem vulnerabilities
Don Davis
dtd at world.std.com
Tue Apr 17 22:33:40 EDT 2001
Summary:
Researchers associated with the San Diego Supercomputer
Center at the University of California, San Diego have
identified multiple implementation flaws in the Alcatel
Speed Touch ADSL "modem" (actually an ADSL-Ethernet
router/bridge). These flaws can allow an intruder to
take complete control of the device, including changing
its configuration, uploading new firmware, and disrupting
the communications between the telephone central office
providing ADSL service and the device.
These flaws allow the following malicious actions:
* changing the device's configuration such that the
device can no longer be accessed;
* disabling the device, either temporarily or
permanently (requiring return of the device to
the manufacturer); and
* installation of malicious code, such as a network
sniffer to gather local LAN traffic (that is not
being bridged) and making the box more easily/covertly
remotely accessible.
One of the more interesting discoveries was a cryptographic
challenge-response back door that completely bypasses any
password that a user may have set on the device.
All testing to date has been done in LLC/SNAP bridge mode.
Routing mode was not tested. There may be other flaws that
are easier to exploit in that mode.
(Speed Touch is a trademark of Alcatel.)
http://security.sdsc.edu/self-help/alcatel/alcatel-bugs.html
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list