[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security Update -- Alcatel modems



PureBytes Links

Trading Reference Links

** Security Flaw Found in Common DSL Modem

Prominent network-security experts say they have identified 
multiple vulnerabilities in a widely used DSL modem that can lead 
to unauthorized access and monitoring, denial of service, and 
permanent disabling of the device.

Researchers at the San Diego Supercomputer Center (SDSC) 
identified several flaws in "Speed Touch" ADSL modems made by 
French telecom-equipment maker Alcatel. One problem is a back 
door that completely bypasses any passwords users may have set on 
the device. Intruders can potentially log on to the modem with 
the user name "expert" and change or delete embedded software. 
While testing was performed on the "Speed Touch Home" model, it's 
strongly suspected that other members of the same product family 
also share the vulnerability.

The affected modems are distributed to customers by DSL 
providers, including SBC Communications and Bell South. Alcatel 
is the world's leading DSL-modem maker and claims to have more 
than 1.6 million units installed worldwide.

A spokesman for Alcatel says the company is working with the SDSC 
and the Computer Emergency Response Team at Carnegie Mellon 
University to determine exactly which modems and how many 
customers are affected. He says they know of no instances where 
any user has been compromised. Users of Alcatel DSL modems can 
keep track of developments at
http://update.informationweek.com/cgi-bin4/flo?y=eDPY0BcmhK0V20Ml70AD