Exclusive : DoT issues Guidelines on ADSL Modems for Broadband Internet Access Security

By March 13th, 2014 AT 3:37 PM

The Department of Telecom (DoT) has issued new guidelines for Broadband and Internet service providers about vulnerabilities in the ADSL Modems that its concerns around national security.

Internet - Broadband

According to the DoT, in recent past concerns have been raised about vulnerabilities in the ADSL Modems. These vulnerabilities can be exploited by attackers to implant malwares in modems, change configuration or manipulate data etc. Vulnerability in ADSL Modems needs to be addressed by all ISPs to the extent possible.

The Department of Telecom (DoT)’s  guidelines for ADSL Modem :

  • The ADSL Modems are presently supplied by vendors with default setup of user id & password as admin and admin respectively. The default password needs to be changed to a strong password by customer at the time of installation of modem at customer site, to avoid unauthorized access to modem. The ISP (Broadband service provider) executive visiting customer for installation of modem should ensure this. He should duly explain to customer, the process to change the password.
  • The protocol ports in ADSL modem on WAN side (e.g. FTP, TELNET, SSH, HTTP, SNMP, CWMP, UPnP) be disabled. These ports may be used by the hackers to enter into the ADSL Modem to misuse/ compromise the ADSL Modems by way of implanting the malwares, changing the DNS entries in the modem.
  • There should be mechanism to upgrade the firmware of the ADSL remotely by ISPs. For this ISP needs to have separate login password, which is not possible in the present system of ADSL Modem design. Ideally there should have been separate logins for modem for its LAN & WAN side.
  • Since at present there is only one login for both LAN & WAN side in modems, which is to be kept by customer only, ISP should advise the customer to upgrade/ download the latest firmware & software of their modem by visiting the site of the manufacture’s website or from their website in case of ISP supplied ADSL modems . This should be advised by the ISP at the time of installation and periodically disseminated by other means also to the customer like printing on bills, bill inserts etc.
  • ISP should provide information about the website of manufactures on their website.
  • The possibility of having separate user id & password for LAN & WAN should be explored with vendors for future supplies along with other necessary security features in ADSL Modems. The timeline for introduction of such ADSL modems will be decided separately, if needed.
  • There is a reset button in every modem. Whenever it is operated, al configuration settings in ADSL Modem are reset to default factory settings, resulting the resetting of modem login & password to default admin & admin respectively. Customer should change the default password again to earlier password or any other new password. All customers should be made aware regarding this feature.
  • Customer may be advised to switch off their ADSL Modem, when not in use.

DoT also told to all ISPs, that these instructions should be followed immediately for new Broadband / Internet customers and all existing customers should be communicated via phone or e-mail and ask the customer to change the password. The ISP will assist the customer to change the password including by physical visits. The above instructions should be complied with in 60 days.

Leave a Reply

Photo and Image Files
6 Comment threads
0 Thread replies
Most reacted comment
Hottest comment thread
6 Comment authors
RahulGaneshBiswadeepSudhakarFirstonnet Recent comment authors
newest oldest most voted

I doubt that mtnl aunties know the reset button !!


I strongly oppose the feature which allow a remote party to upgrade my firmware or change any setting in my modem. It’s my modem, I should be the one who should be upgrading the firmware whenever I want. The WAN login feature is nothing but a grave security risk! This should NEVER be implemented! Ever!

Recent Posts

Facebook “Manage Activity” Feature Enables Users to Delete Unpleasant Memories

Facebook on Tuesday introduced a new Manage Activity feature that enables users to trash or archive old posts. The company...

Vodafone Idea and Nokia Deploys Largest MIMO and DSR Technology in India

Vodafone Idea and Nokia have finished the first phase of deploying the world’s largest Dynamic Spectrum Reframing in India. Not...

Oppo Find X2 Series Scheduled to Land in India on June 17

Oppo India on Wednesday announced that the Find X2 series smartphones will officially land on the Indian shores on June...