[LINK] Router "firewall" security, NBN QC, etc
David Lochrin
dlochrin at key.net.au
Fri Jun 2 13:01:38 AEST 2017
Recently I bought a modem / router / firewall / etc. which includes a VoIP (FXS) port from an Australian supplier (it wasn't bought on the 'net!). This device seems to be widely distributed by ISPs for NBN connectivity; however, I soon found some problems.
(1) The default telephony configuration was entirely Chinese so the call-progress tones and ring cadence were those for China, though this has apparently been rectified in a subsequent firmware update. However, URLs associated with the H248 and MGCP (Media Gateway Control Protocol Gateway) protocols, while technically valid in that context, still link to Chinese corporations.
(2) If a user's ISP doesn't prepend their area code to 8-digit dialled numbers, then it's necessary to dial the whole 10 digits, even when calling the people next door. Of course this issue raises wider questions because a POTS subscriber's area code is physically associated with their copper but a VoIP service is portable.
(3) Pottering around in the O/S revealed two URLs linked to a European site but with no obviously valid purpose, which immediately raised suspicions of a back-door or other security issue. The supplier responded that "I agree that this files have no obvious purpose and have been left for no obvious reason but I can confirm that it is not suspicious and does not compromise security or firewall of the device." How they arrived at this comforting conclusion wasn't stated.
(4) Whirlpool commentary indicated significant performance & stability problems, although it seems these have all recently been fixed too with the latest firmware update.
This device and a Huawei product appear to be physically identical, though the latter may have more features. I'd guess it all comes from China Inc. one way or another.
It's interesting to reflect that the NBN project originally placed NBN hardware of known performance in customer premises. However the "multi-technology mix" relies on unknown third-party devices, except possibly for FTTP services. Who do I now complain to regarding poor voice quality - the ACA?
Has Malcolm's new cyber-security Tsar considered these sorts of issues? Suppose 50% of the NBN terminating devices supplied to Australian users contained malware (of whatever origin) which could be operated in a controlled way...
David L.