Four Danish researchers have demonstrated how a hacker could exploit a vulnerability in the firmware of some cable modems and completely hijack the modem to do whatever they want. The vulnerability which is called “Cable Haunt” is said to be present in way over 200 million cable modems worldwide and is described in this manner by the people who found it:
Cable Haunt is a critical vulnerability found in cable modems from various manufacturers across the world. The vulnerability enables remote attackers to execute abitrary code on your modem, indirectly through an endpoint on the modem. Your cable modem is in charge of the internet traffic for all devices on the network. Cable Haunt might therefore be exploited to intercept private messages, redirect traffic, or participation in botnets.
The vulnerable endpoint is exposed to the local network, but can be reached remotely due to improper websocket usage. Through malicious communication with this endpoint, a buffer overflow can be exploited to gain control of the modem.
The one thing that these cable modems have in common is that all the affected modems use Broadcom designed firmware. And updates to said firmware will be needed to close this vulnerability. The researchers note that there are presently no known attacks in the wild. But with the release of this report and the demonstration of how to exploit it, that is likely to change. Thus you have to hope that you haven’t been affected. To test if you could be vulnerable, there is a test script that you could run, but it’s not something that I would direct the general public to. Thus I am hoping that a more “user friendly” way to test for this vulnerability appears. That way it increases the pressure on ISP’s and modem manufacturers to get about fixing this.
Related
This entry was posted on January 13, 2020 at 10:10 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Security Vulnerability In Millions Of Cable Modems Could Leave You Vulnerable To Pwnage By Hackers
Four Danish researchers have demonstrated how a hacker could exploit a vulnerability in the firmware of some cable modems and completely hijack the modem to do whatever they want. The vulnerability which is called “Cable Haunt” is said to be present in way over 200 million cable modems worldwide and is described in this manner by the people who found it:
Cable Haunt is a critical vulnerability found in cable modems from various manufacturers across the world. The vulnerability enables remote attackers to execute abitrary code on your modem, indirectly through an endpoint on the modem. Your cable modem is in charge of the internet traffic for all devices on the network. Cable Haunt might therefore be exploited to intercept private messages, redirect traffic, or participation in botnets.
The vulnerable endpoint is exposed to the local network, but can be reached remotely due to improper websocket usage. Through malicious communication with this endpoint, a buffer overflow can be exploited to gain control of the modem.
The one thing that these cable modems have in common is that all the affected modems use Broadcom designed firmware. And updates to said firmware will be needed to close this vulnerability. The researchers note that there are presently no known attacks in the wild. But with the release of this report and the demonstration of how to exploit it, that is likely to change. Thus you have to hope that you haven’t been affected. To test if you could be vulnerable, there is a test script that you could run, but it’s not something that I would direct the general public to. Thus I am hoping that a more “user friendly” way to test for this vulnerability appears. That way it increases the pressure on ISP’s and modem manufacturers to get about fixing this.
Share this:
Like this:
Related
This entry was posted on January 13, 2020 at 10:10 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.