Kitz ADSL Broadband Information
Author Topic: Is anyone worried about security and privacy with FTTC?  (Read 3450 times)

broadstairs

  • Kitizen
  • ****
  • Posts: 3439
Is anyone worried about security and privacy with FTTC?
« on: January 31, 2012, 08:42:31 AM »

Having just read the thread about OR providing stats at a cost I was quite surprised to see a comment

Quote
Every Huawei HG612 contains an identical 2048-bit asymmetric public key for which there is a corresponding private key.  That key enables remote access to the device. Access can be used to run all manner of diagnostic tools. These include the tools already in the firmware, and also tools that are dynamically uploaded to the device.

I can think of all sorts of reasons why I think this is a privacy and security nightmare. As soon as the private key gets out, as it is almost certain to do, that allows anyone access to the router/modem for any purpose. God forbid that this situation applies to all FTTC supporting hardware.

Stuart
ISP:TalkTalk Connection:FTTC Cab:ECI Router:Netgear D6220

AdrianH

  • Guest
Re: Is anyone worried about security and privacy with FTTC?
« Reply #1 on: January 31, 2012, 09:11:27 AM »

My neighbour now thinks the same about Sky broadband, in their terms they insist you use the provided router, he removed it and went back to his own equipment ... Sky have told him to put the Sky router back, how did they know?


It has to be said that there are 100,000's of connections out there on ISP supplied routers with remote configuration set up, which is great for those that have no clue about settings etc. and allows the ISP to make checks and adjustments, but along with that is the possibility of others gaining access.

Maturecheese

  • Member
  • **
  • Posts: 77
Re: Is anyone worried about security and privacy with FTTC?
« Reply #2 on: January 31, 2012, 10:24:44 AM »

I was with Sky for just over a year as they took over and closed the ISP I was with, UKOnline. I used my own router, a Netgear, and only plugged Sky's in if I had to contact tech support. I also made no secret of the fact to them, and quite frankly I can't see how they can insist on you using the Sky router, as their only excuse for that policy is so that tech support can help you easier as they have knowledge of the equipment.
Blessed are the Cheesemakers

CurlyWhirly

  • Reg Member
  • ***
  • Posts: 370
Re: Is anyone worried about security and privacy with FTTC?
« Reply #3 on: January 31, 2012, 05:25:28 PM »

Quote
My neighbour now thinks the same about Sky broadband, in their terms they insist you use the provided router, he removed it and went back to his own equipment ... Sky have told him to put the Sky router back, how did they know?

Worrying indeed as I have recently decided to switch to Sky for phone, TV and broadband  :o
Mike

asbokid

  • Kitizen
  • ****
  • Posts: 1286
    • Hacking the 2Wire
Re: Is anyone worried about security and privacy with FTTC?
« Reply #4 on: February 12, 2012, 08:46:43 PM »

Wouldn't like to comment about the security and privacy of Sky Broadband equipment.

As for the BT equipment, personal view is that it is undesirable for the operating system of the VDSL2 modem to be accessible by anyone other than the end-user himself.

The TR-069 remote management software in the modem relies on a private asymmetric encryption key for remote access. We do not know who holds a copy of that key.

We can assume that one keyholder must be British Telecom, since the public key that is found in various models of CPE from both ECI and Huawei is identical.  However, we do not know the security under which the corresponding private key is held.   Maybe British Telecom shares the private key with third parties such as other Communications Providers.

All that said, my hunch is that the security of the modem from casual attack remains good, so long as the crypto system has been implemented properly, and secure key management is maintained. The private key is a 2048-bit RSA key and a brute force attack remains infeasible.

Further, the TR-069 socket-based services in the modem are only 'listening' on tagged virtual ethernet channel 301. For security reasons, VLAN 301 is filtered on the WAN-side, either by the DSLAM in the cabinet, or in the exchange, or somewhere beyond that.   

For 'Harry Hacker' to remotely crack one of these VDSL2 modems would probably involve cracking the DSLAM first.  Nothing is impossible of course. But perhaps the greater risk comes from running negligently patched, infrequently updated or obsolete software on the PC itself.

cheers, a
« Last Edit: February 12, 2012, 11:43:14 PM by asbokid »
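
The observation in the post above, that the same public key turns up in several CPE models, can be checked by fingerprinting the key taken from each device. This is an added example, not part of the thread: it assumes each key has been saved as a PEM `PUBLIC KEY` block, and the device labels and key bodies are constructed placeholders, not real keys.

```python
import base64
import hashlib
import re
from collections import defaultdict

PEM_RE = re.compile(
    r"-----BEGIN PUBLIC KEY-----(.+?)-----END PUBLIC KEY-----", re.S)

def key_fingerprint(pem_text):
    """SHA-256 over the decoded key body, so line wrapping and
    whitespace differences between dumps do not change the result."""
    m = PEM_RE.search(pem_text)
    if m is None:
        raise ValueError("no PEM public key block found")
    der = base64.b64decode("".join(m.group(1).split()), validate=True)
    return hashlib.sha256(der).hexdigest()

def group_by_key(dumps):
    """Map fingerprint -> sorted list of device labels carrying that key."""
    groups = defaultdict(list)
    for label, pem in dumps.items():
        groups[key_fingerprint(pem)].append(label)
    return {fp: sorted(labels) for fp, labels in groups.items()}

def shared_keys(dumps):
    """Return only the groups where more than one device has the same key."""
    return [labels for labels in group_by_key(dumps).values()
            if len(labels) > 1]

def _fake_pem(seed, width):
    # Constructed placeholder bytes wrapped as PEM; NOT a real key.
    body = base64.b64encode(hashlib.sha256(seed).digest() * 4).decode()
    lines = [body[i:i + width] for i in range(0, len(body), width)]
    return ("-----BEGIN PUBLIC KEY-----\n" + "\n".join(lines)
            + "\n-----END PUBLIC KEY-----\n")

# Hypothetical device labels with constructed key material.
SAMPLE_DUMPS = {
    "modem-A": _fake_pem(b"shared", 64),
    "modem-B": _fake_pem(b"shared", 76),  # same key, different line wrapping
    "modem-C": _fake_pem(b"unique", 64),
}

if __name__ == "__main__":
    for labels in shared_keys(SAMPLE_DUMPS):
        print("identical key on:", ", ".join(labels))
```

Devices that land in the same group depend on the same private key, so whoever holds that one key can reach all of them.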

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 32612
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Is anyone worried about security and privacy with FTTC?
« Reply #5 on: February 20, 2012, 04:18:16 PM »

This isn't unique to FTTC. TR-069 has been in use by quite a few ISPs for several years now.
Basically any ISP that supplies you with one of their branded routers could be using TR-069 without you even knowing.

It's the ISP which holds the corresponding key.
This enables their help desk to access certain stats and info about your line and allows them to remotely configure the router.
Please do not PM me with queries for broadband help as I may not be able to respond.