Video | Business Headlines | Internet | Science | Scientific Ethics | Technology | Search

 

Security-Assessment Uncovers DSL Vulnerabilities

Security-Assessment.com, the world-leading IT security research and development company, has discovered a vulnerability that has the potential to impact millions of DSL internet users worldwide. 20 November 2009, Research conducted by New Zealand-based computer security company, Security-Assesment.com (SA), in the field of core DSL/ADSL technology has revealed a new class of attack against the most commonly used internet provider technology – DSL. Carl Purvis, SA Senior Security Consultant, has discovered it is possible to perform a “man in the middle” attack against any DSL/ADSL customer as long as physical access to the line can be obtained.


A “man in the middle” attack is a scenario where communications between two parties is monitored and then falsifies the exchanges to impersonate one of the parties. In this case, says Purvis, the malicious user monitors and in many cases may modify incoming and outgoing traffic. While there has been widespread publicity about similar attacks being made by computer hackers using incorrectly secured wireless access points. DSL infrastructure has, up until this point, been considered safe and has not been thought to be vulnerable to attack.


“The ability to monitor a DSL line is now accessible at a relatively low cost,” says Purvis, “This is an important discovery in relation to maintaining computer security across the internet and between interoffice networks”. The biggest surprise is just how simple – and inexpensive - it is to simulate the attack. The attack mimics a user’s ISP, forcing the user’s personal DSL modem to pass all traffic through an inspection tool running on a portable server platform. This is all possible using “off the shelf” equipment that can be assembled for around $1000, less than the cost of an average laptop computer.


One form of this attack would see a malicious user park outside a victim’s house or office building and physically attach their own network infrastructure to the DSL line and have the ability to access highly valuable information. Although there is very little in the way of published reports about these vulnerabilities Purvis believes it is highly likely they have already been exploited elsewhere in the world. The scale of the vulnerability is enormous, says Purvis, with DSL being the dominant broadband internet technology used by New Zealand businesses and consumers.


The latest Commerce Commission figures show 1,100,000 DSL connections in New Zealand as at 31 Oct 2009. Worldwide broadband subscriptions will exceed 536 million by 2011 with DSL representing over half the market. Purvis believes this vulnerability should be of particular concern to the thousands of New Zealand companies that communicate daily data via corporate networks that utilise DSL as an access mechanism. These companies include banks, government departments and retailers as well as many of the country’s largest organisations.


“Many of these corporate networks may be unencrypted and therefore susceptible to this attack.” In Purvis’ opinion the risk of businesses becoming victims of corporate espionage is very real. “A malicious attacker could, for example, connect to a branch office of a large company, gain access to its customer database and use the information within that database to contact the customers with competing product offerings.” Purvis says that at this stage there are no effective security controls which can be implemented en masse to reduce the risk from this attack.


He says that New Zealand companies typically harden the outer shell of their networks – business to business or internet communications for example – but don’t tend to harden their inter-office networks. “This is where the DSL attack can be used to gain access to the company’s network and data and is a security gap that needs to be addressed.”


“I’d recommend businesses and individuals focus on the basics; assess the sensitivity of what they are using DSL for and use encryption over the DSL link wherever possible.” Security-Assessment.com is one of the world’s only “pure play” security companies, specialising in research and development. It provides independent security advisory, assessment and assurance services to help organisations establish and maintain a secure environment. Doug Browne, SA General Manager, firmly believes that SA’s research will help organisations improve their overall information security stance.


“Security-Assessment.com adheres to a strict policy of responsible disclosure. In line with this policy, we have taken time to share this piece of research with the relevant organisations.” he says.


ENDS

© Scoop Media

 
 
 
Business Headlines | Sci-Tech Headlines

 

NZTA: Major New Zealand Upgrade Programme Projects Go To Tender

Two major New Zealand Upgrade Programme projects are beginning tenders for construction. The New Zealand Upgrade Programme is a $6.8 billion investment to get our cities moving, to save lives and boost productivity in growth areas. The first Auckland ... More>>

Reserve Bank: RBNZ Seeks To Preserve Benefits Of Cash

The Reserve Bank – Te Pūtea Matua is taking on a new role of steward of the cash system “to preserve the benefits of cash for all who need them”, Assistant Governor Christian Hawkesby told the Royal Numismatics Society of New Zealand annual conference ... More>>

ALSO:

Economy: Double-Dip Recession Next Year, But Housing Rolls On

New Zealand's economy is expected to slip back into recession early next year as delayed job losses, falling consumer spending, and the absence of international tourists bites into growth. More>>

ALSO:

Microsoft New Zealand: Microsoft Expands “Highway To A Hundred Unicorns” Initiative To Support Startups In Asia Pacific

New Zealand, 14 October 2020 – Today Microsoft for Startups launches the Highway to a Hundred Unicorns initiative in Asia Pacific to strengthen the region’s startup ecosystem. This follows the initiative’s success in India, where 56 startups were ... More>>

Fonterra: Farmers Taking Another Step Towards New Zealand’s Low Emissions Food Production

They’re hot off the press and intended to help take the heat out of climate change. Fonterra farmers are already among the world’s most sustainable producers of milk and now have an additional tool in their sustainability toolbox. Over the last few ... More>>

ALSO:

Electricity: New Zealand Remains In Top 10 For Energy Balance

The World Energy Council’s Energy Trilemma Index has become part of the energy dialogue both globally and in New Zealand. The Index illustrates the need for countries to balance energy security, energy equity and environmental sustainability. New Zealand ... More>>

ALSO:


Courts: Businessman Eric Watson Sentenced To A Four-Month Jail Term

New Zealand businessman Eric Watson has been sentenced to a four-month jail term in the UK for contempt of court, TVNZ reports. More>>

OECD: Area Employment Rate Falls By 4.0 Percentage Points, To 64.6% In Second Quarter Of 2020

The OECD area employment rate – the share of the working-age population with jobs – fell by 4.0 percentage points, to 64.6%, in the second quarter of 2020, its lowest level since the fourth quarter of 2010. Across the OECD area, 560 million persons ... More>>

Spark: Turns On 5G In Auckland And Offers A Glimpse Into The Future Of Smart Cities

Spark turned on 5G in downtown Auckland today and has partnered with Auckland Transport (AT) to showcase some of the latest in IoT (Internet of Things) technology and demonstrate what the future could look like for Auckland’s CBD with the power of 5G. 5G is ... More>>

Stats NZ: Monthly Migration Remains Low

Since the border closed in late-March 2020, net migration has averaged about 300 a month, Stats NZ said today. In the five months from April to August 2020, overall net migration was provisionally estimated at 1,700. This was made up of a net gain ... More>>

University of Canterbury: Proglacial Lakes Are Accelerating Glacier Ice Loss

Lake Tasman, New Zealand | 2016 | Photo: Dr Jenna Sutherland Meltwater lakes that form at glacier margins cause ice to recede much further and faster compared to glaciers that terminate on land, according to a new study. But the effects of these glacial ... More>>

ALSO:

Dairy: Fonterra Sells China Farms

Fonterra has agreed to sell its China farms for a total of $555 million (RMB 2.5 billion*1), after successfully developing the farms alongside local partners. Inner Mongolia Natural Dairy Co., Ltd, a subsidiary of China Youran Dairy Group Limited ... More>>

ALSO: