Double Backdoor Exposed In Arris Cable Modems

Status
Not open for further replies.

SkyBill40

Honorable
As above, I'm glad my SB6141 isn't on that list. This is pretty negligent on the part of ARRIS; however, at least there are some good natured and intelligent people out there to catch things like this and elicit change.
 

LotusTeaDragon

Reputable
Nov 21, 2015
9
0
4,510
0
Is there anything that can be done, in the meantime, for those of us with one of these modems? I have no money to replace a cable modem, and I doubt TWC will issue me a new one because this one isn't secure.
 

Ddt3

Reputable
Nov 21, 2015
4
0
4,510
0
I am an engineer for a US top ten cable company, and we were given access to the firmware fix for this issue before this article was even posted. The amount of fear mongering in this post is disappointing. Arris came to us and told us themselves and then had the new firmware sent to us two days after. There will be some needed testing of the firmware, but the article is completely wrong about saying Arris hasn't acknowledged or worked to fix this.
 

LotusTeaDragon

Reputable
Nov 21, 2015
9
0
4,510
0


I sincerely hope you're right. I don't like having a security issue outside of my control. It's one thing to tighten down one's own security holes, and quite another to wait while the necessary steps are carried out well above one's own head. You say that you work for a top ten cable company in the U.S., so do you think this article, as it gets posted elsewhere across the internet, will force your company (and others as well) to move up the release date on this patch?
 

Ddt3

Reputable
Nov 21, 2015
4
0
4,510
0


There's many steps that can be taken the mitigate the risk, which most cable companies do in the first place. We block all traffic to the cable modem itself unless it sources from a network we specify. You can't exploit a modem you can't connect to. With that said, public knowledge of the threat makes us move up our time line as much as we can, but that doesn't mean deploying a firmware load we aren't certain won't break or service to customers. This is a concerning exploit, but I think the article overstated the risk to customers.
 

alidan

Splendid
Aug 5, 2009
5,303
0
25,780
0


There's many steps that can be taken the mitigate the risk, which most cable companies do in the first place. We block all traffic to the cable modem itself unless it sources from a network we specify. You can't exploit a modem you can't connect to. With that said, public knowledge of the threat makes us move up our time line as much as we can, but that doesn't mean deploying a firmware load we aren't certain won't break or service to customers. This is a concerning exploit, but I think the article overstated the risk to customers.
with this one line "but that doesn't mean deploying a firmware load we aren't certain won't break or service to customers." and the service we have come to expect in the us, i have to doubt the legitimacy of your claim. i'm just remembering the week+ at the end of our stint with direct tv where everything was broken and they told us to pound sand till they learned we had options.
 

Calvin Huang

Reputable
Jan 9, 2015
24
0
4,510
0
Is there anything that can be done, in the meantime, for those of us with one of these modems? I have no money to replace a cable modem, and I doubt TWC will issue me a new one because this one isn't secure.
Your modem itself shouldn't be directly accessible from WAN IPs. So the main risk is from someone on your LAN or if you're targeted with a very complex CSRF attack. If your LAN is secure, then you just need to avoid going to untrusted sites.
 

Ddt3

Reputable
Nov 21, 2015
4
0
4,510
0


I really don't care if you believe me or not, I'm not looking to argue with anonymous people on the internet. I simply felt it was important to educate people properly, as opposed to this article which was written to promote fear and panic. You obviously have chosen to go the route of fear and panic, and that's your decision. To the rest of the people who read this, maybe they won't be as pessimistic and closed minded, and my information will help alleviate the overblown fear the author appears to want to create.
 

Christopher1

Distinguished
Aug 29, 2006
651
0
19,010
5
They might not have a choice as to replace these modems or not. At the very least Arris should release updated firmware that permanently removes the backdoors now that they are insecure.
My question is "Why put backdoors in this hardware in the first place?" and if the answer is "Because the government told us to!" the government needs a kick up the keister.
 

Lucian Armasu

Contributing Writer
Editor
Sep 10, 2014
1,120
0
5,280
0
I am an engineer for a US top ten cable company, and we were given access to the firmware fix for this issue before this article was even posted. The amount of fear mongering in this post is disappointing. Arris came to us and told us themselves and then had the new firmware sent to us two days after. There will be some needed testing of the firmware, but the article is completely wrong about saying Arris hasn't acknowledged or worked to fix this.
According to the researcher, Arris hasn't replied to him about any fix. Why wouldn't Arris do that, if he's he one that told the company about it?

> As of this writing, Shodan searches indicate that the backdoor affects over 600.000 externally accessible hosts and the vendor did not state whether it's going to fix it yet.
 

Ddt3

Reputable
Nov 21, 2015
4
0
4,510
0


I don't know why they haven't, or if that's factual information. That's the reason I chose to respond because of the misinformation this article is spreading. Whether or not the hacker received a comment back from Arris, and whether or not he's being honest about that, or if the author of this article took the liberties to add that, I can't speak to. What I can speak to is that we have the firmware fix, and we're looking to deploy it once we can certify the firmware. We are by no means a high priority on Arris' list, so if we have it, all the top US cable providers have it.
 

LotusTeaDragon

Reputable
Nov 21, 2015
9
0
4,510
0


Thank you for your professional opinion on the subject. That's good to know. Still, I'll feel better once they patch this particular hole, especially now that it's all over the place.



Good! I don't deal with networking very much. I'm much more comfortable with hardware and software. Thanks for the reply. :)
 

Calvin Huang

Reputable
Jan 9, 2015
24
0
4,510
0


Pretty much all systems already have built-in firewalls. The issue here is that they can take control of your modem, not your machine. That means they're in a position to sniff all of your Internet traffic, launch MitM attacks, disable your internet connection, use your internet connection to launch DDoS attacks, etc.
 
Status
Not open for further replies.

ASK THE COMMUNITY

TRENDING THREADS