Exclusive : DoT issues Guidelines on ADSL Modems for Broadband Internet Access Security

By March 13th, 2014 AT 3:37 PM

The Department of Telecom (DoT) has issued new guidelines for Broadband and Internet service providers about vulnerabilities in the ADSL Modems that its concerns around national security.

Internet - Broadband

According to the DoT, in recent past concerns have been raised about vulnerabilities in the ADSL Modems. These vulnerabilities can be exploited by attackers to implant malwares in modems, change configuration or manipulate data etc. Vulnerability in ADSL Modems needs to be addressed by all ISPs to the extent possible.

The Department of Telecom (DoT)’s  guidelines for ADSL Modem :

  • The ADSL Modems are presently supplied by vendors with default setup of user id & password as admin and admin respectively. The default password needs to be changed to a strong password by customer at the time of installation of modem at customer site, to avoid unauthorized access to modem. The ISP (Broadband service provider) executive visiting customer for installation of modem should ensure this. He should duly explain to customer, the process to change the password.
  • The protocol ports in ADSL modem on WAN side (e.g. FTP, TELNET, SSH, HTTP, SNMP, CWMP, UPnP) be disabled. These ports may be used by the hackers to enter into the ADSL Modem to misuse/ compromise the ADSL Modems by way of implanting the malwares, changing the DNS entries in the modem.
  • There should be mechanism to upgrade the firmware of the ADSL remotely by ISPs. For this ISP needs to have separate login password, which is not possible in the present system of ADSL Modem design. Ideally there should have been separate logins for modem for its LAN & WAN side.
  • Since at present there is only one login for both LAN & WAN side in modems, which is to be kept by customer only, ISP should advise the customer to upgrade/ download the latest firmware & software of their modem by visiting the site of the manufacture’s website or from their website in case of ISP supplied ADSL modems . This should be advised by the ISP at the time of installation and periodically disseminated by other means also to the customer like printing on bills, bill inserts etc.
  • ISP should provide information about the website of manufactures on their website.
  • The possibility of having separate user id & password for LAN & WAN should be explored with vendors for future supplies along with other necessary security features in ADSL Modems. The timeline for introduction of such ADSL modems will be decided separately, if needed.
  • There is a reset button in every modem. Whenever it is operated, al configuration settings in ADSL Modem are reset to default factory settings, resulting the resetting of modem login & password to default admin & admin respectively. Customer should change the default password again to earlier password or any other new password. All customers should be made aware regarding this feature.
  • Customer may be advised to switch off their ADSL Modem, when not in use.

DoT also told to all ISPs, that these instructions should be followed immediately for new Broadband / Internet customers and all existing customers should be communicated via phone or e-mail and ask the customer to change the password. The ISP will assist the customer to change the password including by physical visits. The above instructions should be complied with in 60 days.

Leave a Reply

Photo and Image Files
6 Comment threads
0 Thread replies
Most reacted comment
Hottest comment thread
6 Comment authors
RahulGaneshBiswadeepSudhakarFirstonnet Recent comment authors
newest oldest most voted

I doubt that mtnl aunties know the reset button !!


I strongly oppose the feature which allow a remote party to upgrade my firmware or change any setting in my modem. It’s my modem, I should be the one who should be upgrading the firmware whenever I want. The WAN login feature is nothing but a grave security risk! This should NEVER be implemented! Ever!

Recent Posts

DoT Circulates Draft Cabinet Note for Allocation of 4G Spectrum to BSNL and MTNL

State-run telcos, Bharat Sanchar Nigam Limited (BSNL) and Mahanagar Telephone Nigam Limited (MTNL) have been under pressure for not generating...

D2h Subscribers Bound by Two Month Lock-in Period on Sports Channels Due to Cricket Season

Ever since the beginning of the cricket season, the DTH industry was brewing with new offers, packs and discounts which...

Vodafone Idea Partners Up With SonyLIV to Bring More than 1,000 Premium Movies and TV Shows for Subscribers

Vodafone Idea has made another strategic move in the content segment thus strengthening its position in the industry further by...