Security loopholes mean some Netvigator customers could be in danger from hackers

Subscribers to Pacific Century CyberWorks' (PCCW's) Netvigator broadband Internet service could be vulnerable to hacker attacks due to security loopholes discovered by network security experts in certain models of modems made by France's Alcatel.

Last week, researchers at the San Diego Supercomputer Centre, a unit of the University of California at San Diego, and the Computer Emergency Response Team (Cert), based at Carnegie Mellon University, published back-to-back reports and warnings on their findings about the apparent flaws.

According to these organisations, the Alcatel Speed Touch Home ADSL modem and the Alcatel 1000 Network Termination Device - among the most widely-used broadband modems - could allow a hacker to remotely install new firmware, the software embedded in the modems.

This could allow hackers to take complete control of the device, including changing its configuration, and disrupting the communications between the telephone central office providing ADSL service and the device, the UCSD centre said.

Cert said exploiting the modems' vulnerabilities could bring 'unauthorised access, unauthorised monitoring, denial of service, information leaks', and disable the devices.

Netvigator - the Internet retail service arm of PCCW - has an installed base of about 200,000 broadband users and supplies customers with a range of DSL modems including models from NEC, 3Com and Arescom.