Facebook   Tumblr   LinkedIn

Millions of Home Cable Modems at Risk


Walden Systems Geeks Corner news Millions of Home Cable Modems at Risk Rutherford NJ New Jersey NYC New York City North Bergen County
Rita gives you full control of what sites your employees visit. Rita can block sites that eat up your precious bandwidth such as media streaming sites. Rita enables you full control of what sites your employees can and cannot visit. Rita gives you the ability to block undesirable sites by wildcard or by name. Rita gives you the ability to determine which computers will be blocked and which will be allowed. With Rita, you can block access to sensitive servers within your LAN.

Several cable modems used by ISPs to provide broadband into homes have a critical vulnerability in their underlying architecture that could give a hacker full remote control of the device. Hundreds of millions of cable modems are affected worldwide.

The bug, CVE-2019-19494, is found in cable modems across multiple vendors, including Arris, COMPAL, Netgear, Sagemcom, Technicolor and others. It originated in software written by Broadcom which has been copied by different cable-modem manufacturers and used in the devices' firmware. The bug allows a buffer overflow, which could enable a remote hacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. The cable modems are vulnerable to a DNS rebind attack followed by overflowing the registers and executing malicious functionality. The exploit is possible due to lack of protection against DNS rebind attacks, default credentials and a programming error in the spectrum analyzer.



In a proof-of-concept, researchers were able to demonstrate a two-step attack. First, they compromised the spectrum analyzer component on board a modem, which resulted in local access. The spectrum analyzer uses a websocket for communication with the graphical frontend displayed in a browser, and a server must verify the relevant request parameters added by the browser. Because these parameters are never inspected by the cable modem, the websocket will accept requests made by JavaScript running in the browser regardless of origin, thereby allowing hackers to reach the endpoint. In the second step, researchers demonstrated how a DNS rebind attack can be used to gain remote access to the compromised spectrum analyzer. DNS rebinding is a technique that turns a victim's browser into a proxy for attacking private networks.

The vulnerabilities can give hackers full remote control over the entire unit, and all the traffic that flows through it, while being invisible to both the user and ISP. Hackersrs could intercept private messages, redirect traffic, add the modems to botnets, replace their firmware and more. They could also direct the modem to ignore remote system updates, which could complicate any patching process.