Router and modem insecurity is a major cause of concern for
governments around the world. Cyber criminals are targeting the routers
and modems that home users rely on for a broadband connection. In most
cases, routers and modems ship with standard login and password
credentials for practical reasons and convenience. The manufacturers of
routers and modems expect the end user to change their login credentials
and password. However, a majority of home users do not change such
crucial information, and this makes the routers and modems vulnerable to
various cyber attacks.
Amid growing threats of cyber attacks and hacking of websites, the Department of Telecommunications (DoT) has prescribed the security measures to be adopted in ADSL Modems to safeguard against misuse
(PDF). These security measures must be adhered to by internet service
providers (ISPs) of India within 60 days of the formulation of these
measures. This is asking too little from the ISPs as there are other
major telecom security issues in India that are still not redressed properly. The truth is that Indian telecom networks are highly vulnerable to cyber security threats.
DoT has noted that crackers have been exploiting vulnerabilities in
the asymmetric digital subscriber line (ADSL) modems. The ADSL modems
are usually installed by broadband service providers at homes and
offices. DoT has written to all ISPs to “assist customers to change the
password, including by physical visits”. It has also come out with a new
set of guidelines for ISPs that must be implemented by May 2014 to
ensure security of almost 1.5 crore fixed-line broadband users.
The ADSL modems are presently supplied by vendors with a default setup
in which the user ID and password are both “admin”. The default password
needs to be changed to a strong password by the customer at the time the
modem is installed, to avoid unauthorised access to the modem. The ISP
executive visiting the customer to install the modem should ensure this.
The protocol ports on the WAN side of the ADSL modem [for example, FTP,
TELNET, SSH, HTTP, SNMP, CWMP, UPnP] should be disabled. These ports may
be used by hackers to enter the ADSL modem and misuse or compromise it
by implanting malware or changing the DNS entries in the modem.
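
The following added example, which is not from the DoT document or from this post, checks a modem settings export against the measures described above: the default “admin” password, WAN-side protocols left enabled, and DNS entries that differ from the ISP's resolvers. The key=value export format, the key names and the resolver addresses are assumptions constructed for illustration.

```python
# Added example; the key=value export format and its key names are hypothetical.
import ipaddress

DEFAULT_CREDENTIAL = "admin"  # default user ID and password named in the post
WAN_PROTOCOLS = ("ftp", "telnet", "ssh", "http", "snmp", "cwmp", "upnp")

def parse_export(text):
    """Parse 'key = value' lines, skipping blank lines and '#' comment lines."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip().lower()] = value.strip()
    return settings

def audit(settings, isp_resolvers):
    """Return a sorted list of findings; an empty list means nothing was flagged."""
    findings = []
    if settings.get("admin_password", DEFAULT_CREDENTIAL) == DEFAULT_CREDENTIAL:
        findings.append("default-password")
    for proto in WAN_PROTOCOLS:
        # A missing key is treated as enabled, so unknown state is reported.
        if settings.get(f"wan.{proto}", "enabled").lower() != "disabled":
            findings.append(f"wan-service:{proto}")
    allowed = {ipaddress.ip_address(a) for a in isp_resolvers}
    for raw in filter(None, (s.strip() for s in settings.get("dns_servers", "").split(","))):
        try:
            if ipaddress.ip_address(raw) not in allowed:
                findings.append(f"unexpected-dns:{raw}")
        except ValueError:
            findings.append(f"invalid-dns:{raw}")
    return sorted(findings)

# Constructed sample export; addresses are from documentation ranges.
SAMPLE = """
admin_password = admin
wan.ftp = disabled
wan.telnet = enabled
wan.ssh = disabled
wan.http = disabled
wan.snmp = disabled
wan.cwmp = enabled
# wan.upnp is absent from this export
dns_servers = 192.0.2.53, 203.0.113.66
"""
ISP_RESOLVERS = ["192.0.2.53", "192.0.2.54"]  # constructed

if __name__ == "__main__":
    print("\n".join(audit(parse_export(SAMPLE), ISP_RESOLVERS)))
```
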
In other instructions, the ISPs have been asked to devise a
“mechanism to upgrade the firmware of the ADSL modems remotely by ISPs”.
For this, the ISPs need to have a separate login password, which is not
possible in the present system of ADSL modem design. The DoT has asked
the ISPs to tell their customers to check their online daily usage, and
if any unexpectedly high usage of data is noticed, they may bring it to
the notice of the ISP concerned. Customers should also be advised to
switch off their modem when not in use. Readers of this blog may see the
document (PDF) for a detailed analysis.