An anonymous reader writes: Recently I received an ADSL modem from my landline provider, I have plugged it in and began exploring what it was capable of doing.
I have found out that under it's default configuration it has more security holes than a Swiss cheese, wireless is active, receives configuration updates from a TR-069 server, UPNP is active, it also has some preconfigured bridges to some unknown preconfigured VPI,VCI and an open TCP port (besides the one that is used from UPNP) that peeked my interest.
Some of the holes that were discovered were plugged but I didn't find a way to close the open port.
I also heard some stories that the landline provider has remotely connected to some users and has fixed their modem issues although it is a great thing I prefer to do it myself and consider it a security risk.
Digging around I found out that it contains Linux kernel and what appears to be a crippled BusyBox, so I contacted my landline provider and have asked him to provide the source code for the GPLed software so I could find out the process that keeps the port open and kill it, they refused.
I am a fan of Linux and personally use it, I have notified the author of the busybox of the apparent violation but my main concern is the possible security holes in the device.
Any idea on what can be done in order to secure it?