Frequently Asked Questions
Alcatel Speed Touch Home Vulnerabilities
Q. What models are affected by these vulnerabilities?
A. The Alcatel "Speed Touch Home" and "1000 ADSL." We have not tested any other models.

Q. Is the "Speed Touch Pro" the same as the "Speed Touch Home?"
A. No. According to Alcatel, the "Speed Touch Pro" has routing and optional firewall capabilities. Alcatel has information on the Speed Touch Pro here and the Speed Touch Pro with Firewall here.

Q. Is there a firewall in the Speed Touch Home or 1000 ADSL?
A. No. See this FAQ from Alcatel.

Q. My "Speed Touch Home" shows the configuration setting "Firewalling on." Am I safe?
A. No. We have had this setting turned on during all of our tests. And Alcatel says that the product does not have a firewall.

Q. How do I generate one of those nifty charts?
A. That information will be forthcoming soon.

Q. Can you help me configure my ADSL router/bridge/modem to be more secure or run faster?
A. No.

Q. I have a router/bridge/modem that has these vulnerabilities. Should I change equipment? If so, what do you recomment?
A. We can't really answer that question. The only devices we have examined are the two mentioned above. We cannot say whether other devices have these same vulnerabilities, or other vulnerabilities.

Q. Why didn't you notify Alcatel before releasing this advisory?
A. We did.

Q. Aren't you just dredging up old vulnerabilities? I heard that they had been found a couple of years ago!
A. Only one of the vulnerabilities we announced (lack of a default password -- see was previously known. All of the other vulnerabilities are newly discovered.

Q. Why are you singling out Alcatel? There must be other vendors who ship vulnerable equipment.
A. We did not "single out" Alcatel, we just happened to use their equipment. We're not saying that they are any better or worse than any other company selling similar products.

Q. There are other vulnerabilities in this equipment. How come you didn't mention them?
A. Because we got tired of typing.

Q. These are just theoretical vulnerabilities. Nobody's actually done these things!
A. We have actually successfully exploited every vulnerability described in our advisory.

Q. It would take a really smart person to exploit these vulnerabilities, wouldn't it?
A. It only takes one "smart" person to write an exploit, and then millions of script-kiddies can use the exploit. And we believe that a lot of this really isn't that difficult.

Q. How do I make my DSL modem faster/more reliable/work?
A. Ask your service provider.

Q. What can I do to fix these vulnerabilities?
A. Ask your service provider. If they won't help, you can look at our tools page, but we really don't recommend that you try this.

Q. I just read your advisory. Who do I call to complain?
A. Talk to your service provider.