La sécurité des box ADSL. Analyse de risques et expérimentations

Many French Internet providers include an ADSL box in their offers allowing the customer to easily take advantage of all the services included in the offer. This equipment drastically reduces the technical skills required to install the Internet connection at home. But, to our knowledge, very few studies propose to evaluate the security of these ADSL boxes. This is the purpose of this paper. This paper presents 1) a risk analysis of such equipment, following the EBIOS methodology, and 2) experiments aiming to illustrate the existence of an attack Ingénierie des systèmes d’information – n 6/2014, 63-88 64 ISI. Volume 19 – n 6/2014 scenario corresponding to one of the risks identified during the analysis. The first part of this paper describes the risk analysis, which allowed us to identify a risk leading us to study the local loop. The second part introduces a novel method allowing us to sniff and analyze all the network protocols used during the boot-up sequence of ADSL boxes. This study allowed us to identify a potential security problem for two of the boxes we have analyzed. Finally we present a platform illustrating possible exploitations of these weaknesses. MOTS-CLÉS : box, ADSL, DSLAM.