Recently a worm has been spreading that infects DSL modems. It is a harbinger of things to come. There are all sorts of other internet-enabled devices which are configured through a nearby computer. At our office, we’ve got new telephones that operate on the same principle.
This worm lets itself be known by blocking the most common ports on the modem, essentially blocking network access. That’s exactly what happened sometime between Friday night and Saturday afternoon. And yet, on further inspection, it looks like it wasn’t this worm. For one thing, someone claiming to be the worm’s author claims to have shut it down a week ago. For another, I was ultimately able to determine that both the hardware and software were wrong (but the manufacturer didn’t help). And finally, the worm apparently attacks only from outside your home network.
This has reminded me of how insecure these network-attached devices are. I assumed I wasn’t vulnerable; now I’m not so sure. In the old days, network-attached modems, printers, and other such devices were built using custom chips that were difficult to break into, either because they couldn’t be updated remotely or because few possessed the specialized knowledge to program a particular device. These days, these devices are built on top of a standard set of software and hardware which isn’t much different from a PC. Someone who knows how to program Linux has a head start in figuring out how to modify a network-attached device.
Manufacturers assume that as long as administrative access is limited to the local network, the device is safe. My DSL modem even has the administrative password printed on its bottom, along with other information they expect you’ll never change. But there’s no guarantee that a laptop inside the network hasn’t already been infected, and from there it could guess the password and infect the modem.