Researcher Unearths Flaw in Popular Modems
More than 135 million modems around the world area vulnerable to a flaw that can be targeted to knock them offline, according to a report by The Hacker News.
The flaw, which can be exploited remotely, was unearthed by security researcher David Longenecker and is affecting one of the most popular and widely-used cable modems in the US, the Arris SURFboard SB6141.
According to Longenecker, the vulnerability leaves the modems open to unauthenticated reboot attacks.
Apparently, because the Arris does not provide any password authentication set up on its user interface, a local attacker can access the admin web interface at 192.168.100.1 without needing to enter a username/password.
From there, an attacker can carry out a Denial of Service attack by opting to ‘Restart Cable Modem’, disabling the modem for two to three minutes and knocking every device on the network offline.
Whilst two or three minutes without an internet connection is far from the end of the world, the attacker would also have the opportunity to select a Factory Reset, which would wipe out a modem’s configuration and settings. This would prove far more inconvenient as internet access would be lost for 30 minutes with the re-configuration process taking up to an hour to complete.
However, The Hacker News was quick to point out that this flaw is easily patchable and Arris has recently addressed the issue with a firmware update which it is in the process of making available to its customers.
UPDATE: Since this news broke, Arris has reached out with the following statement: “ARRIS recently addressed the reported GUI access issue with a firmware update. We are in the process of working with our Service Provider customers to make this release available to subscribers. There is no risk of access to any user data, and we are unaware of any exploits. As a point of reference, the 135 million number is not an accurate representation of the units impacted. We take product performance very seriously at ARRIS. We work actively with security organizations and our Service Provider customers to quickly resolve any potential vulnerabilities to protect the subscribers who use our devices.”
Source: Information Security Magazine