Exploit that gives remote access affects ~200 million cable modems
Hundreds of millions of cable modems are vulnerable to critical takeover attacks by hackers halfway around the world, researchers said.
The attacks work by luring vulnerable users to websites that serve malicious JavaScript code that's surreptitiously hosted on the site or hidden inside of malicious ads, researchers from Denmark-based security firm Lyrebirds said in a report and accompanying website. The JavaScript then opens a websocket connection to the vulnerable cable modem and exploits a buffer overflow vulnerability in the spectrum analyzer, a small server that detects interference and other connectivity problems in a host of modems from various makers. From there, remote attackers can gain complete control over the modems, allowing them to change DNS settings, make the modem part of a botnet, and carry out a variety of other nefarious actions.
Cable Haunt, as the researchers have named their proof-of-concept exploit, is known to work on various firmware versions of the following cable modems:
Read 12 remaining paragraphs | Comments