T 2.37 Uncontrolled usage of communications lines

When using communication cards within an IT system (fax, modem, or ISDN cards), it is not always possible for the user to determine what information was transmitted along with his usage and protocol information. After enabling a communication card, it is possible in principle for the card to open lines of communication to undesired devices without any user interaction or for third parties to communicate with the card using the remote functionality offered by the card (but which the user was not even aware of).

Examples:

• While configuring a fax card for the first time, the installation program requested the user to enter the country code for Sweden. This probably means that the manufacturer of the card wanted to obtain information relating to the use of its product, possibly for marketing reasons.
• A large number of modem cards support remote access capabilities for accessing IT systems. Although such accesses can be secured in part using mechanisms integrated into the cards (callback option and caller authentication), these mechanisms are not normally enabled in the default settings. An IT system configured in this manner can be manipulated completely from the outside using the modem card.