Security of ISP Access Networks: Practical Experiments

Home Internet connections are becoming more and more important in our every day life. Many Internet Service Providers (ISP) include an Integrated Access Device (IAD) in their offers allowing the customer to easily take advantage of all the included services. This IAD is connected to a local loop, most of the time based on the Public Switched Telephone Network (PSTN). The local loop and the IAD together constitute the access network of an ISP. To our knowledge, very few studies addressed the security of these access networks. This is the purpose of this paper. We first present a platform and a set of experiments aiming at capturing and analysing communications on the localloop. This platform allowed us to carry out a comparative study of the security of six IADs from different ISPs, by analysing the network protocols used during their boot-up process. The results of this first study revealed a security weakness for two of the six access networks, especially during the firmware update procedure of the IADs. A second platform and set of experimentsare then presented, which allow us to experimentaly test the possible exploitation scenarios of the identified weakness. Finally, we show that the security issues pointed out above, dont only impact the IAD, but also any other home Internet connected device, implementing firmware updates.