Modems in danger of hackers gaining entry

By ADAM GIFFORD

Owners of Jetstream modems are being urged to conduct basic checks to ensure they are not vulnerable to hackers, who can use them as relays for spam emails or to conceal where data is going.

"Strictly speaking they are not modems but routers connected to the internet as long as they are plugged in and powered up," said Unitec networking student Alan Birch.

His investigations into the configurations on his own Nokia ADSL (asynchronous digital subscriber line) modem revealed it could be hacked into from the outside.

Birch said he had assumed his modem was secure after asking his sister to try to access it from outside by putting in its IP address - found using a program called Samspade - into a browser.

"The problem was the IP address is dynamic, and the one I gave her had expired when she put it in the browser ," Birch said.

"After I read the article in the Herald last week I thought I still might not be safe, so I downloaded the administration manual from the Nokia website and found I could access the modem's command line through Hyperterminal.

"When I did that I saw there were no passwords in place - I just needed to hit enter to get in."

Birch used Hyperterminal to create passwords for all the access levels.

Networking specialist Darren Clarke of Service Direct said most DSL modem brands had the remote configuration features disabled by default, and could be accessed only from inside the network.

"If remote management or external configuration options are required, the customer needs to know and understand the risks, and the reseller must take all necessary precautions to minimise this risk, such as changing default passwords to secure password formats," Clarke said.

Clarke suggests DSL modem users download a port scanning tool such as Shields Up - https://grc.com/x/ne.dll?bh0bkyd2 from the internet to test their modem.

"It scans the different port numbers to see which are open.

"The two ports we are concerned about are port 80, which is the HTTP web browser, and port 23, which is telnet.

"If either is available, it could allow someone to play around in your configurations."

Clarke said people should also look for pinholes, ports which were open to allow data to be redirected.

"If I want to have an email server in my organisation I would have to put in a pinhole, which is port 25 for SMTP.

"Normally most environments don't need any ports open. If the mail just goes to a POP mailbox, you don't need that port open."

Clarke said companies installing DSL modems should check the configurations to ensure they were not vulnerable.

"There is also an opportunity for a smart web developer to create a site which will check those two ports, 80 and 23," he said.

Clarke said if people were unsure of their vulnerability they should ask their internet service provider or local modem service agent to help check it.