Cable modems haunted by newly discovered cyber vulnerability

A newly discovered cyber vulnerability could be putting hundreds of millions of cable modems — and users’ information — at risk, according to a group of Danish security researchers. 

The vulnerability — dubbed ‘Cable Haunt’ — allows “remote attackers to execute arbitrary code on your modem” via one of its endpoints and could potentially be used to intercept private messages, redirect traffic or participate in botnets, the researchers said through a dedicated website. 

The problem lies in Broadcom’s chips’ spectrum analyser, which is used in cable modems from various manufacturers all over the world — including almost 200 million in Europe alone — and lacks protection against DNS rebinding attacks, uses default credentials and features a programming error, the researchers said. 

While the problem is clearly widespread, the researchers said it’s difficult to get a precise estimate of Cable Haunt’s reach.

“The reason for this is that the vulnerability originated in reference software, which has seemingly been copied by different cable modems manufacturers when creating their cable modem firmware,” the researchers said on their website. 

“This means that we have not been able to track the exact spread of the vulnerability and that it might present itself in slightly different ways for different manufacturers.”

Attackers can gain access to the modems by tricking users into accessing a malicious page via their web browser and relaying an exploit to the spectrum analyser, the researchers explained. They can then “change the default DNS server; conduct remote man-in-the-middle attacks; hot-swap code or even the entire firmware; silently upload, flash or upgrade firmware; disable internet service providers’ (ISP) firmware upgrades; change config files and settings; get and set SNMP OID values; change all associated MAC addresses and change serial numbers”, the researchers continued. 

The researchers are now calling on ISPs to test their modems using either the researchers’ proof-of-concept code or their test script and release firmware patches against the vulnerability. 

A list of known vulnerable cable modems can be found under the website’s ‘Am I Affected?’ tab. To date, the researchers know of six ISPs across Denmark, Norway, Sweden and Germany that have reportedly fixed their devices.

Image credit: ©stock.adobe.com/au/Proxima Studio