Do BT modems really contain NSA back-doors?

A team of researchers has accused BT of hiding an NSA back-door in their modems, allowing governments to keep tabs on your internet activities.

The document, called “Full Disclosure: The Internet Dark Age”, which was posted on the Cryptome leaks website, claims to outline proof that BT has embedded a government back-door into broadband modems.

The anonymous researchers claim the government back door will grant access to what would otherwise be private home networks via the modem provided as part of the standard broadband package.

The American National Security Agency (NSA) has been in the spotlight lately after former contractor Edward Snowdon discovered millions of classified documents outlining the government’s “signals intelligence” on the average broadband user.

These documents were then leaked to the press and suggested that the American government – among others – had been illegally collecting data from the public. One of the ways they were obtaining such data was through back-door access, similar to that said to be present in BT modems.

“BT [is] directly responsible for covertly embedding secret spy equipment in millions of homes and businesses within the UK as our evidence will demonstrate”, reads the document from the anonymous researchers named “The Adversaries”.

The NSA had been accused of directly attacking network services including firewalls and routers, with the majority of these having surveillance pre-built in. They could also be remotely activated by those in the know.

The Adversaries claim that they discovered a hidden virtual local area network within the modem after gaining local access to the BT modem using a USB cable wired directly to the motherboard.

This hidden local area network connects to the NSA and the UK’s Government Communications Headquarters (GCHQ) and is run by the modem itself.

The secret network isn’t visible by anyone using a LAN-side package capture tool or from the router’s admin pages. However, this network could allow the government to insert false entries in the DNS table, access home computers or to simply mirror and capture all of your ingoing and outgoing internet activities.

“This clearly demonstrates that the UK Government, US Government, US Military and BT are co-operating together to secretly wiretap all Internet users in their own homes,” claims The Adversaries. “If you cannot confirm otherwise, you must assume that all ISPs in the UK by policy have the same techniques deployed.”

The majority of ISPs provide a locked-down, pre-configured modem to use with their broadband package. It aims to simplify the broadband connection experience for all users, but simultaneously makes them very difficult to validate the configurations contained within them.

The Adversaries claim that this is a deliberate move to conceal the hidden local area network contained within the modem.

“BT goes to extreme lengths to prevent anyone from changing the firmware,” explains The Adversaries. “Those that come close are first subjected to physical and psychological barriers and the few that overcome that are subjected to a separate NSA/GCHQ targeted social attack designed specifically to derail any engineering progress made.”

Analysis by Andy Vandervell, Deputy Editor
Has BT really installed an obliging back-door for the NSA and GCHQ to use? You’ll forgive me if I’m sceptical and only a cursory amount of research blows some holes in the claims.

The report’s argument hinges on the fact that there’s a second IP assigned to BT’s routers that the researchers claim is the route of the back-door, and that IP addresses used belong to the US Department of Defence.

But Robert Graham, a security researcher and expert from Errata Security, points out that there is a very logical and plausible explanation for why BT would use DoD IPs:

“The reason all these address spaces are DoD is because that’s really the only source of unused IPv4 addresses left. All IPv4 address ranges have been assigned. But, the DoD has been assigned 20% of the IPv4 address space, but most of it is used within the DoD, on their own private networks, and is not routable to the outside world. Thus, if you are looking for a large chunk of “private” addresses that won’t suddenly one day be assigned to Akamai or Amazon (and thus, explode in your face), then DoD addresses are the way to go.”

He further points out that there’s no actual evidence of NSA spying and that “many networks use publicly allocated DoD addresses inside their network as private addresses.” In this case, BT routers have the second IP so it can push software updates, which is pretty important if you want to ensure home networks are secure and work properly.

Tempting as it might be to assume the worst, I’m happy to take the word of BT and a trusted security report over an anonymous report of unknown providence.

Read more: Best routers 2013

Via: Bit-tech