A "cable infestation" flaw could hack Hundreds of millions of cable modems

A "cable infestation" flaw could hack Hundreds of millions of cable modems

Updated on January 13 to add the cable modem model in which the vulnerability was discovered and to add comments from Broadcom This article was originally published on January 12, 2020 [Hundreds of millions of cable modems worldwide may be vulnerable to a software flaw named "Cable Haunt" by the Danish discoverers [The flaw is in Broadcom's system-on-a-chip used in many cable modems, specifically in the software that runs the spectrum analyzer that protects against power surges in cable signals

When we reached out to Broadcom for comment, a spokesperson for the company responded: "We have made a related correction to the reference code and this correction was made available to customers in May 2019"

However, a skilled attacker could embed attack code in web pages or email messages and exploit the flaw when a victim views them with a web browser

A successful attacker could seize control of the modem and send users of the compromised network to malicious websites, launch man-in-the-middle attacks against online transactions, or modify modem firmware, finds Cable Haunt Cable Haunt can send users of compromised networks to malicious websites, launch man-in-the-middle attacks on online transactions, and modify modem firmware, according to researchers at Lyrebirds, a Danish security firm that discovered Cable Haunt and launched a website detailing the flaw

Unfortunately, there is still not much that can be done about the Cable Haunt flaw Four Scandinavian Internet service providers have remotely patched their customers' cable modems, but ISPs in other regions do not appear to have responded yet

It is unclear why Lyrebirds implied that these ISPs had patched their customers' modems only after being notified by researchers, even if Broadcom had provided the patch months ago

Today, some good anti-virus software can be used to screen out malicious websites and e-mail messages

The attack code does not care which desktop platform is used, because it is not a matter of which platform

Using only Mozilla Firefox for the time being may also be useful, as the FAQ on the Cable Haunt website states, "In general, the websocket server for the spectrum analyzer is not compatible with the websocket version used by Firefox and are not compatible with Firefox" It notes However, it adds that "other techniques to exploit certain modems" will work in Firefox

The Lyrebirds team believes that nearly 200 million cable modems in Europe alone may be vulnerable to Cable Haunt

According to Lyrebirds researchers, models known to be vulnerable include the Arris Surfboard CM8200A, Arris Surfboard SB6183 (which Lyrebirds mislabeled as the non-existent SB6813), Arris Surfboard SB8200, COMPAL 7284E, COMPAL 7486E, Humax HGB10R-02, Netgear C6250EMR, Netgear CG3700EMR, Netgear CM1000, Sagemcom F@st 3686, Sagemcom F@ st 3890, Technicolor TC4400, Technicolor TC7230, Technicolor TC7300

If you are renting a cable modem or a cable modem and router combination from your ISP, contact your ISP to determine if your model is vulnerable to the Cable Haunt flaw If so, ask when firmware updates will be available

If you own a cable modem, your first step is to find out if your modem has a Broadcom chipset Unfortunately, most cable modem manufacturers do not include such information in their customer documentation So Google the name and model number of the modem and the word "chipset" to find out what's inside the modem

We found that the old Arris Surfboard SB6141 used a Texas Instruments chipset, which turned out to be a good thing However, two later Arris models, the Surfboard SB6183 and SB8200, use Broadcom chipsets, and the latter is on the list of known models vulnerable to Cable Haunt

Below is a link to a table listing the chipsets used in some Arris and Netgear modems and modem/routers

If you own a modem and are Linux-savvy and fairly tech-savvy, the Lyrebirds team has posted a script on Github that you can run to see if your modem is vulnerable to Cable Haunt If you own a Sagecom F@st 3890, you can also run the proof-of-concept exploit script

Here's the problem: even if you own your own modem or modem/router, you probably have to wait for your ISP to update the firmware for your model ISPs are very picky about which customer-owned modems their networks are compatible with, This extends to firmware as well

For example, neither Arris nor Netgear allows customers to update the firmware on their cable modems Instead, they pass the firmware to their ISPs, who test it to make sure it does not cause problems

Categories