Cable internet security blown wide open

Millions of people accessing the internet through broadband cable connections risk having their computers taken over by malicious hackers, vnunet.com can exclusively reveal.

Israeli Security Company Checkpoint revealed today that the devastating security vulnerability is caused by the shared architecture of the data channel that carries internet traffic within cable companies' fibre networks. This means groups of subscribers share a single cable connecting them to the local neighbourhood node. Each subscriber's signal is multiplexed on to this single cable by frequency division multiplexing (FDM).

The result is that a hacker could exploit the flaw to access data or take control of any remote computers sharing the same local node. Effectively local users can click on their Windows Network Neighborhood icon and see the computer names and addresses of their neighbours on the service. If any of these customers have not disabled file sharing on their drives or installed firewalls, neighbours could access their systems. It is possible for cable modem users to protect themselves against these threats by using security measures such as firewalls, however experts warned that most cable consumers generally unaware of the danger.

"It's a new problem because cable modems have always-on internet technology. Traditionally these users would have hidden behind the safety of dial-up connections. With these always-on connections they are as vulnerable as an unprotected Ethernet Lan," former security director for NATO Dr Brian Gladman told vnunet.com "There is no doubt that this is a crunch issue. The only solution is to have every user behind a firewall,"

Both major UK cable players, NTL and Telwest, say "they take security very seriously" and always advise their customers to disable file sharing on local computers. Although neither NTL or Telewest supply firewalls to their customers, both advised that users should purchase them to protect themselves. NTL provided vnunet.com with a statement saying: "PC security is the responsibility of each individual customer and NTL does not endorse any particular firewall." The company added that its broadband internet service signal is encrypted.

However, according to Ovum senior analyst Graham Titterington, encryption does not make a difference as command controls from within a shared line would bypass any encryption procedures.

Titterington said that a firewall would protect a user's PC but doubted if many cable customers had them or disabled their shared file and print functions. "How many users read the instructions when they first get their cable modems?" he said.