Researchers associated with the San Diego Supercomputer Center at the University of California, San Diego have identified multiple implementation flaws in the Alcatel Speed Touch ADSL "modem" (actually an ADSL-Ethernet router/bridge). These flaws can allow an intruder to take complete control of the device, including changing its configuration, uploading new firmware, and disrupting the communications between the telephone central office providing ADSL service and the device.
These flaws allow the following malicious actions:
- changing the device's configuration such that the device can no longer be accessed;
- disabling the device, either temporarily or permanently (requiring return of the device to the manufacturer); and
- installation of malicious code, such as a network sniffer to gather local LAN traffic (that is not being bridged) and making the box more easily/covertly remotely accessible.
One of the more interesting discoveries was a cryptographic challenge-response back door that completely bypasses any password that a user may have set on the device. [30]