An estimated 200 million modems or more may be vulnerable to an exploit dubbed Cable Haunt, which researchers said could give attackers complete control over their victims’ devices.
Many Modems Affected by Vulnerability
A small server that’s intended to detect connectivity problems in a modem, the spectrum analyzer is key to the vulnerability, which researchers said affects a number of different manufacturers and product models. These include cable modems from Netgear’s C6250EMR and CG3700EMR, Sagemcom’s [email protected] 3890 and [email protected] 3686, and possibly Technicolor’s TC7230, among others.
Since cable modems typically manage all online traffic for devices connected to a network, the vulnerability means attackers could not only gain remote access but intercept private messages, redirect traffic to other sites, monitor unencrypted data and even install completely new firmware.
Researchers have created a proof-of-concept of the threat, which manufacturers may need to check, given that the 200 million estimate is restricted to devices in Europe and the risk may be even larger on a global scale.
The only exception to those vulnerable to the threat are those using Firefox, a browser whose websocket is incompatible with that used by a spectrum analyzer.
Close Off Cable Haunt’s Access
As more vendors become aware of Cable Haunt, they’ll likely issue a patch or fix that customers can use to avoid it. In the meantime, a comprehensive security information and event management (SIEM) system can be a good way to stay alert when suspicious activity starts taking place on the network.
Writer & Editor
Shane Schick is a contributor for SecurityIntelligence.