BEREC routers consultation, or "Why ISPs should not get their hands on my router"


BEREC is running a public consultation on the freedom to use your own router to connect to the internet.



Dear Sir,

Thank you first of all for organizing this public consultation on
terminal equipment required to access the public internet, also known
as "modems" or "routers".

Over the last 20 years, I have worked on FLOSS software projects which
"control" those consumer routers, such as cable modems, ADSL modems,
or just simple routers.

You will find an extensive list of my contributions through my
personal website:

I have written custom software and adapted existing FLOSS and non-FLOSS
software for widely deployed VDSL modems in Belgium, such as the
Belgacom Box 1, 2, 3 and 3+.

In 2010, I found several severe security flaws in the BBOX2 (open
wifi, open telnet, same publicly known login+password on all those
boxes), where malicious users could get an administrator shell on the
router from the street.

This vulnerability was most probably used to gather thousands of PPP
credentials from end users around Brussels:

I made a presentation of my findings at a security conference Hackito
Ergo Sum in Paris, and Belgacom was notified at the time of the
security flaws:

But it took them more than 2 years to fix those obvious security
problems, despite my communications with their security experts
decorated with many certifications on their LinkedIn profiles.

My conclusion is that we cannot trust some third parties, such as
ISPs, to have control of the software in our homes, as it creates
an insecure point in the network which is being used by malicious
actors to spy on users, compromise their privacy, and spread malware
such as miners.

This is why I urge you to refuse any pressure from the ISPs to put their
dirty hands on our routers located in our homes.

Best regards,

Benjamin Henrion (zoobab)
Email: zoobab at
Mobile: +32-484-566109
Web: Brussels
