Modems 'easily hacked'

Ilse Arendse

Cape Town - Some Telkom ADSL modems are easily hacked, according to an IT security expert, but Telkom says it has been actively informing clients and the public on how to protect themselves.

Dino Covotsos, CEO of Telspace Systems, demonstrated the vulnerability of Telkom's Mega 100 and 200 wireless modems at a security summit in Midrand, on Thursday.

Covotsos said modem hacking leads to bandwith theft if the default WPA key is not changed to a more complex and personalised WPA key (and if the modem is used as supplied by Telkom).

Wi-Fi Protected Access (WPA), keeps out unwanted users by checking for the proper permission and password before allowing network access.

"Hackers can take advantage of these poor default settings to utilise their target's bandwidth. Hackers could also utilise these hacked ADSL modems to launch further attacks, either internally on the network or to external companies, said Covotsos.

"It could take attackers less than five minutes to essentially gain access to your ADSL modem. Even if this issue is corrected in newer models, there are still many ADSL modems that have been installed with the default settings and are still vulnerable," he added.

To protect yourself, Covotsos suggested that a modem's WPA key be changed immediately, and that it should be between eight and 64 characters in length.

Not exclusive to Telkom

A Telkom media liaison told News24 the problem is not exclusive to Telkom modems and that the company has "communicated extensively" to clients and the public on how to protect themselves.

News24 was referred to an earlier statement that Telkom issued regarding bandwidth theft.

In the statement Thokozani Mvelase, Acting Executive of TARPS (Telkom Asset and Revenue Protection Services), explained that a software programme downloads the default username and password which comes with the newly purchased ADSL hardware.

If the legitimate customer does not change and personalise the default username and password, fraudsters can steal the bandwidth capacity of the client.

Mvelase said that if the internet is used on a daily basis, the customer would notice bandwidth theft immediately as they would not be able to access the internet.

However, victims often fail to notice fraudulent activity until they receive their monthly accounts, and then only if the bill is unusually high and includes international call charges which they haven't made.

According to Telkom, customers are liable for the costs incurred in these crimes because the computers and modems are a customer's own property. However, to assist in detecting incidences, Telkom has a fraud management system in place which monitors calling behaviour of all clients.

This will raise an alarm should the calling profile change. One intervention measure Telkom reportedly takes is to remove international dialling should it detect international calls being made continuously to a destination which the customer has never previously called.

Telkom also urged victims of bandwidth theft to report the crime to the South African Police Services (SAPS), who will then contact the relevant ISP for detailed records to assist them in their investigation.

- News24