|High-speed modem's flaw can let hackers in |
Thursday, April 12, 2001
THE ASSOCIATED PRESS
WASHINGTON -- A popular brand of high-speed modem has a flaw that could allow hackers to take control of a computer user's Internet connection or cut it, security experts said yesterday.
The flaw, which can be exploited through a virus, could threaten hundreds of thousands of small business and home users around the world whose computers are equipped with the modem, manufactured by Alcatel.
A hacker could shut down a user's connection or take control of many of the modems to flood a Web site with messages, similar to attacks that shut down CNN.com, eBay and other popular Web sites last year.
Alcatel said in a statement it does not plan to update the modem's software. The company advised its users to install protective software to overcome the flaw.
"To date, we know of no instances where any Speed Touch modem user has been compromised due to the reported vulnerabilities," Alcatel spokesman Jay Fausch said in the statement.
"For people that believe that their home computer is secure, that's not a true statement," said Marty Lindner of the CERT Coordination Center, a network security group funded by the Defense Department.
Tsutomu Shimomura and Tom Perrine of the San Diego Supercomputer Center discovered the problems in Alcatel Speed Touch Home DSL modems. The modems provide high-speed Internet service -- called Asynchronous Digital Subscriber Line or ADSL -- through traditional phone lines.
"These flaws can allow an intruder to take complete control of the device, including changing its configuration, uploading new (modem software) and disrupting the communications between the telephone central office providing ADSL service and the device," Shimomura wrote in a report.
Shimomura, best known for tracking down and capturing computer outlaw Kevin Mitnick, found the problem while testing his own Alcatel modem.
"We don't know of any good solutions right now," Shimomura said in an interview. "Alcatel really needs to put out some code to fix this."
About 2.5 million DSL connections are in use in the United States, according to market research firm TeleChoice.
Alcatel shipped over 600,000 DSL modems during the fourth quarter of 2000 and claims nearly 35 percent market share.
Some Southwestern Bell and Pacific Bell DSL customers use Alcatel's modems, according to customers writing at the DSLReports.com Web site. Neither phone company responded to calls for comment. Verizon does not use the Alcatel modems, a company spokesman said.
Alcatel, a French company, is aware of the problem and advises users on its Web site to download personal fire-wall software that protects against hacker attacks.
The company put an advisory on its Web site that shows how to change the modem's security settings, but the procedure involves detailed instructions that may be too difficult for many home users.
Lindner said he's skeptical of Alcatel's advice that a fire-wall program will protect users.