Alcatel gets security warning

Security watchers are warning of a remote-access vulnerability in Alcatel ADSL modems which may allow an intruder to modify the software running the devices.

A message bouncing around the BugTraq security mailing list reports that there is an attack in progress, by unknown parties, against all Alcatel ADSL modems in use.

Alcatel modems are the European favourite for ADSL service providers, including UK companies such as BT Openworld.

Security watchers are speculating that someone may have upgraded the firmware of all Alcatel modems in use in Italy, meaning that other European countries could be next on the list if they haven't been hit already.

List messages report portscans against port 21, the port used to upgrade modem firmware, on all IP addresses in use by a number of Italian ISPs.

It would appear the attacker is scanning the ISPs' customers to check for Alcatel ADSL modems, and then modifying them.

Although no-one seems sure what the bogus firmware does, it is thought to contain some kind of backdoor which would give a remote attacker "Expert" access to the modem.

Other suspicious symptoms include the activation of the "ftp get" command for any level of user, and the appearance of some debugging facilities.

Andrea Costantino, a security bug hunter, recommends downgrading to your previous modem software and disabling everything apart from telnet/ftp access.

Constantino also took a swipe at Alcatel "for providing backdoored software and avoiding public distribution of patches."

As a result of this incident, Constantino said Alcatel should be more "open" to the coder and hacker community about security problems.