Wed. Jul 15th, 2020

Researchers find security flaws in cable modems


A cable modem is a network device that can connect to both a cable television network and a broadband network. Such equipment is usually installed when the operator provides users with both radio and television programs and Internet access, and it is currently widely used in most regions.

A security team from Denmark recently discovered serious security flaws in cable modems that could endanger the health of the entire Internet. The vulnerability is called Cable Haunt. With its help, attackers can remotely manipulate these cable modems and form botnets, and more than 100 million such devices are in use worldwide.

Researchers say that there are as many as 200 million cable modems in Europe alone, and more affected devices are being looked at globally.

An attacker can use a phishing page to remotely modify the cable modem’s default DNS settings, perform a remote man-in-the-middle (MITM) attack, or execute arbitrary code remotely.

An attacker can silently upload and update the firmware of the cable modem. For example, the attacker can make firmware containing malicious scripts and perform remote flashing.

An attacker can also prevent network operators from debugging or performing firmware upgrades through components, and modify all configuration files and related configuration options in the cable modem.

Finally, the most worrying thing is that these affected modems can be used to form botnets. With an installed base of such a large scale, the potential consequences are great.

When analyzing the vulnerability, the researchers also found that the vulnerability may initially come from reference software that appears to have been produced by duplicating firmware from different manufacturers.

The researchers said that after analyzing the firmware of multiple manufacturers, they found that the cores of this firmware are basically the same, and the vulnerabilities are similar, differing only slightly.

Therefore, it is not possible to estimate the total number of potentially affected devices by manufacturer, but currently, it is conservatively estimated that more than 200 million units are affected in the European market alone.

At the same time, the researchers have also provided proof-of-concept code that operators and security experts can use to check whether certain types of equipment are affected.