[1229] in bugtraq


Intelligent modems :-(

daemon@ATHENA.MIT.EDU (Christian Wettergren)
Sat Mar 11 18:20:59 1995

To: bugtraq@fc.net
Date: Sat, 11 Mar 95 22:50:18 +0100
From: Christian Wettergren <cwe@it.kth.se>


Hi!

Have you seen the new generation of "intelligent" modem chips?
I just saw that it is possible to configure them from the remote end.
If it is in LAP-M mode, just send off AT*R to them (protected
with a preset password of QWERTY). You may also use the command
<1s>****<1s>, analogous to the +++ sequence. You may even load
new software into the flash EEPROMs (though I don't think you
can do that from the remote end).

The specific modem chips I'm talking about are
  Rockwell RC96V24AC, RC14V24AC, RC96ACW, RC144ACW, 
  RC96ACL/RC144ACL, RC96ACi/RC144ACi
They are present in Intel PCMCIA modems, among others.

This means it is possible to destroy an existing connection
without having the getty hang up the connection. (You reprogram
the modem beforehand from a remote site. You obviously don't 
have to pass the login program's password prompt to talk 
to the modem.) Then you can take over the connection by just
dialing in to the broken connection quickly. I think you can
see the scenario before you. :-(

I would call this a disastrous case of feeping creaturism.
"Oh gee, we have some spare chip area here, what shall we do 
with it??"

I'm just waiting for the "intelligent" floppy driver that
loads sectors starting with "FOOFOO" into the flash prom. :-)

Has anyone else seen similar "misfeatures" in devices?

/Christian Wettergren, cwe@it.kth.se

