Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Monday January 13 2020, @03:40PM   Printer-friendly
from the 3-strikes dept.

Hundreds of millions of cable modems are vulnerable to new Cable Haunt vulnerability:

A team of four Danish security researchers has disclosed this week a security flaw that impacts cable modems that use Broadcom chips.

The vulnerability, codenamed Cable Haunt, is believed to impact an estimated 200 million cable modems in Europe alone, the research team said today.

The vulnerability impacts a standard component of Broadcom chips called a spectrum analyzer. This is a hardware and software component that protects the cable modem from signal surges and disturbances coming via the coax cable. The component is often used by internet service providers (ISPs) in debugging connection quality.

On most cable modems, access to this component is limited for connections from the internal network.

The research team says the Broadcom chip spectrum analyzer lacks protection against DNS rebinding attacks, uses default credentials, and also contains a programming error in its firmware.

Researchers say that by tricking users into accessing a malicious page via their browser, they can use the browser to relay an exploit to the vulnerable component and execute commands on the device.

Cable Haunt: Millions of Cable Modems With Broadcom Chips Vulnerable to Attacks:

Hackers may be able to remotely take complete control of cable modems from various manufacturers due to a critical vulnerability affecting a middleware component shipped with some Broadcom chips.

The vulnerability, dubbed Cable Haunt and tracked as CVE-2019-19494, was identified by researchers from Lyrebirds and an independent expert. They've reproduced the attack on ten cable modems from Sagemcom, Netgear, Technicolor and COMPAL, but other manufacturers also likely use the Broadcom chip containing the vulnerability.

The researchers estimate that 200 million modems were initially affected by this vulnerability in Europe alone. However, over the past year they have been notifying affected ISPs — cable modems are typically provided to internet users by ISPs — and four companies in Denmark and Norway have reported patching their devices after being notified.

The flaw is related to a tool called spectrum analyzer, which uses a websocket to communicate with the device's graphical interface in the browser. The vulnerable tool is only exposed to the local network, but Cable Haunt attacks can also be launched from the internet by getting the targeted user to visit a malicious website or a site that serves malicious ads.

A hacker can set up a website that launches a DNS rebinding attack to gain access to the local network and execute the Cable Haunt exploit. DNS rebinding allows a remote hacker to abuse a targeted user's web browser to directly communicate with devices on the local network — in this case with the cable modem.

The researchers who discovered Cable Haunt explained that cross-origin resource sharing (CORS) in the browser should prevent such attacks, but they discovered that all of the tested modems were vulnerable to DNS rebinding.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Tuesday January 14 2020, @06:02AM

    by Anonymous Coward on Tuesday January 14 2020, @06:02AM (#943007)

    Isn't it revealing how the government raised holy hell over Volkswagen Diesel and emissions... But are so tolerant of sloppy business grade crap that embeds executables into arbitrary data files?

    Maybe Boeing building Business Grade aircraft will highlight the aftermath of building Business Grade stuff in the first place. Grandpa always told me if I can't find the time to do it right, I will have to make time to do it over. That paradigm does not seem to be a part of a Business education these days.