itu-t Series-V: Data Communication Over the Telephone Network

Official Scope

Study Group: SG16 — Multimedia Coding, Systems and Applications
Active Status: Maintenance mode (V.90/V.92 still actively deployed)

Defines technical characteristics of modems and data communication equipment used over the Public Switched Telephone Network (PSTN): modulation schemes (V.21, V.34, V.90), error correction (V.42), data compression (V.44), and DTE-DCE interface standards (V.24 / RS-232).

Tactical Security Significance

• Relevance: 🟢 High — SCADA/ICS Legacy Communication Security, Modem War-Dialing, Out-of-Band Management Security
• Key Security Concepts: PSTN Modem War-Dialing (Shodan-for-PSTN), V.24/RS-232 Serial Interface Hardening, V.90 Modem Management Exploitation, Out-of-Band SCADA Link Protection
• Attack Surface: PSTN-connected SCADA modems in power plants, water treatment, and industrial facilities; analog modem backup channels for emergency network management

Key Recommendations

Security Mapping

SCADA/ICS Modem War-Dialing

Thousands of SCADA (Supervisory Control and Data Acquisition) systems — controlling power plants, water treatment, oil pipelines — use V.34/V.90 dial-up modems as primary or backup communication channels. These were installed before IP was ubiquitous and often have no authentication.

• Attack: War-dialing (automated PSTN scanning, tools like ToneLoc/WarVOX) identifies active modem banks; target SCADA systems accept connections without password or authenticate with default credentials
• Real-world impact: US-CERT advisories confirm power grid SCADA modems discovered via war-dialing with default or no passwords
• Mitigation: Replace PSTN modem channels with IPsec VPN or cellular (LTE/5G) with certificate-based authentication; if PSTN modems must remain, configure callback authentication and restrict to a whitelist of authorized calling numbers; periodically scan your own PSTN number ranges with war-dialing tools to discover unanticipated modem answers

V.24 (RS-232) Serial Interface — Physical Serial Attacks

V.24 defines the RS-232 serial interface used to connect terminals to network equipment (routers, switches, firewalls). Console ports on network devices use V.24 — a physical connection that bypasses all network authentication.

• Attack: Physical access to a V.24 console port allows full device administration — changing passwords, extracting running configurations, installing backdoors — without any network credential requirement
• Mitigation: Physically secure all console port access; implement console-port authentication (AAA via TACACS+); apply M.3410-compliant access controls to console port access; use Cisco-style "login local" or RADIUS authentication on console lines

V.44 Compression — Compression Side-Channel Risk

V.44 data compression is conceptually analogous to HTTP compression. In contexts where an attacker can influence the data being compressed over a modem channel while observing the compressed output size (oracle attack), information leakage analogous to CRIME/BREACH (TLS compression attacks) is theoretically possible.

• Context: Low-risk in most SCADA deployments, but relevant when modem links carry mixed attacker-controlled and sensitive data (e.g., telemetry + operator commands)
• Mitigation: Disable V.44 compression where channel content mixing is possible; prefer encrypting before compressing (always apply encryption to the full channel, not individual streams)

!NOTE This series is part of the master Series Tracker.