[Cryptography] DSL modems - how would we detect wholesale subversion?

Dan White dwhite at olp.net
Tue Oct 29 12:52:12 PDT 2013


On 10/28/13 11:56 -0800, John Gilmore wrote:
>> Many DSL modems contain a small switch, which if it's the only switch
>> in a small home or office network, would make all packets among local
>> nodes accessible to malware running in that DSL modem.
>
>And most DSL modems are provided by your giant telco DSL provider --
>such as AT&T -- which we already know has a long history of covertly
>sucking up to NSA.  Besides their longstanding cooperation on domestic
>and foreign fiber taps, they also produced the first-and-only Clipper
>Chip subverted "telephone security device" for making voice calls that
>"nobody but NSA" could listen to.  How hard would it be, really, for
>them to subvert all their DSL modems to wiretap your LAN?

Many DSL modems that I've evaluated are Linux based, and are subject to GPL
requests. I've gotten my hands on a build tarball from a couple of
different vendors which include a cross compiler, GPL source (for the
portion of the code which is not proprietary), compiled Linux kernel (which
contains proprietary drivers), and one or more proprietary binaries which,
from what I can tell, are primarily used to maintain the local
configuration. The result is a firmware which voids your warranty when
uploaded, but works.

Vendors often use the same firmware base, which is typically provided by
the chipset vendor (e.g. Broadcom). There were several modems I could break
root shell on with a shell escape sequence from the telnet/ssh menu.

None of this may be available if you're using an xBell branded modem (or
whoever your telco is). However, if you know a few details about your xDSL
connection (vpi/vci etc.), you could likely purchase your own modem, using
your own generated firmware.

Granted, there are still proprietary software components involved.

>And how would you know if they had done so?  It's so convenient that
>all AT&T DSL modems have a high bandwidth upstream connection to
>AT&T's central office switches.  And even better that consumers have
>no idea what packets are going up and down over that DSL signalling,
>because they have no equipment for monitoring raw 2-wire DSL lines
>(the way they could fairly easily detect inappropriate packets
>traveling on an Ethernet, with a little free software and a little
>replugging of Ethernet equipment).

Generally xDSL connections do not use a high amount of upstream bandwidth,
unless you've got ADSL2+ Annex M or VDSL2 going on. Your modem, if you have
access, will report the up and down sync rate, which is consistent with the
rate reported by the DSLAM in my experience. To attempt to transmit data
outside of the DSL layer, using frequencies outside of the sync rate is
difficult, would involve cooperation from a lot of different vendors, and
would be a poor use of resources. Compromise of your data would more
likely be handled in software, at layer 3. Placing your modem in bridged
mode, with an open source router behind is a very good idea (as you
mentioned).

-- 
Dan White
BTC Broadband
_______________________________________________
The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
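
Added example (not part of the original post or thread): the kind of Ethernet-side check the thread alludes to, applied to frames captured on the link between a router and a bridged modem. It flags frames whose source MAC is neither the router nor the expected upstream peer. The MAC addresses, sample frames and the assumption that only those two stations should be sourcing frames on that link are constructed for illustration.

```python
import struct

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6",
              0x8863: "PPPoE discovery", 0x8864: "PPPoE session"}

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_frame(frame):
    """Return (dst, src, ethertype), skipping 802.1Q tags; None if truncated."""
    if len(frame) < 14:
        return None
    offset = 12
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype == 0x8100:      # VLAN tag: TPID(2) + TCI(2), then the real type
        offset += 4
        if len(frame) < offset + 2:
            return None
        (ethertype,) = struct.unpack_from("!H", frame, offset)
    return mac_str(frame[0:6]), mac_str(frame[6:12]), ethertype

def unexpected_frames(frames, router_mac, upstream_mac):
    """List (index, source MAC, protocol) for frames from any other station."""
    allowed = {router_mac.lower(), upstream_mac.lower()}
    findings = []
    for index, raw in enumerate(frames):
        parsed = parse_frame(raw)
        if parsed is None:
            findings.append((index, None, "truncated"))
            continue
        _dst, src, ethertype = parsed
        if src not in allowed:
            findings.append((index, src, ETHERTYPES.get(ethertype, f"0x{ethertype:04x}")))
    return findings

def make_frame(dst, src, ethertype, vlan=None, payload=b"\x00" * 46):
    """Build a constructed sample frame (not captured traffic)."""
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    head = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    return head + tag + struct.pack("!H", ethertype) + payload

# Constructed, locally administered addresses (assumptions, not from the post).
ROUTER, UPSTREAM, MODEM = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
SAMPLE = [
    make_frame("ff:ff:ff:ff:ff:ff", ROUTER, 0x8863),   # router starts PPPoE discovery
    make_frame(ROUTER, UPSTREAM, 0x8864),              # session traffic from upstream
    make_frame("ff:ff:ff:ff:ff:ff", MODEM, 0x0806),    # modem ARPs on the link
    make_frame(ROUTER, MODEM, 0x0800, vlan=7),         # VLAN-tagged IPv4 from the modem
    b"\x02\x00\x00",                                   # truncated capture record
]

if __name__ == "__main__":
    for finding in unexpected_frames(SAMPLE, ROUTER, UPSTREAM):
        print(finding)
```

A flagged frame is a prompt to look closer, not proof of subversion: management or discovery protocols can legitimately originate from the modem.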



