Cable Haunt is the code name assigned to represent two separate vulnerabilities that affect many of the cable modems in use around the world in 2020.[1][2] These vulnerabilities allow an attacker to obtain external access to a cable modem and perform any number of activities intended to modify the operation of, or monitor the data passing through a cable modem.[3]
Alexander Dalsgaard Krog (Lyrebirds), Jens Hegner Stærmose (Lyrebirds), Kasper Kohsel Terndrup (Lyrebirds), Simon Vandel Sillesen (Independent)
The problem lies with the Broadcom system-on-a-chip, which is used in many cable modems, specifically with the software running the spectrum analyzer, which protects against any power surges in the cable signal.[3] It exposes an unsecured WebSockets interface that Cable Haunt can reach using JavaScript run in a victim's browser.[1]
Modems impacted by Cable Haunt give remote attackers full (kernel level[1]) control over the cable modem, allowing them to potentially:[4]
Most home and small businesses obtain their cable modems directly from their Internet service providers (ISPs). In situations where ISPs control the patching and firmware updating processes, subscribers must wait for cable providers to receive updated firmware from manufacturers and push it down to each individual modem. Cable companies were initially slow to respond to this threat, but now are actively working to get updates for customers.[5]
On January 19, 2020 Schrock Innovations, a computer repair company based in Lincoln, Nebraska, released executable programs for x64 Windows systems and OS X systems based on Lyrebirds' original JavaScript. These programs allowed less technically advanced users the ability to test their own connections. Users of the programs were instructed to contact their ISP if their modem was vulnerable in order to increase public pressure for patches to be created in order to address the vulnerability.[6]
^"CVE-2019-19495". Common Vulnerabilities and Exposures. Retrieved 2020-01-19.
^ ab"Hundreds of millions of cable modems could be hacked due to 'Cable Haunt' flaw". Tom's Guide. January 14, 2020. Retrieved 2020-04-26.
^Cimpanu, Catalin (January 10, 2020). "Hundreds of millions of cable modems are vulnerable to new Cable Haunt vulnerability". ZDNet. Retrieved 2020-01-19.
^"'Cable Haunt' Bug Plagues Millions of Home Modems". threatpost.com. Retrieved 2020-01-19.
Dunn, John E. (14 January 2020). "'Cable Haunt' vulnerability exposes 200 million cable modem users". Naked Security by Sophos. Retrieved 11 April 2020.
Nichols, Shaun (10 January 2020). "Hundreds of millions of Broadcom-based cable modems at risk of remote hijacking, eggheads fear". theregister.co.uk. Retrieved 11 April 2020.
Cimpanu, Catalin (10 January 2020). "Hundreds of millions of cable modems are vulnerable to new Cable Haunt vulnerability". ZDnet. Retrieved 10 June 2020.
April 12, 2024
cable, haunt, code, name, assigned, represent, separate, vulnerabilities, that, affect, many, cable, modems, around, world, 2020, these, vulnerabilities, allow, attacker, obtain, external, access, cable, modem, perform, number, activities, intended, modify, op. Cable Haunt is the code name assigned to represent two separate vulnerabilities that affect many of the cable modems in use around the world in 2020 1 2 These vulnerabilities allow an attacker to obtain external access to a cable modem and perform any number of activities intended to modify the operation of or monitor the data passing through a cable modem 3 Cable HauntCVE identifier s CVE 2019 19494 CVE 2019 19495DiscovererAlexander Dalsgaard Krog Lyrebirds Jens Hegner Staermose Lyrebirds Kasper Kohsel Terndrup Lyrebirds Simon Vandel Sillesen Independent The problem lies with the Broadcom system on a chip which is used in many cable modems specifically with the software running the spectrum analyzer which protects against any power surges in the cable signal 3 It exposes an unsecured WebSockets interface that Cable Haunt can reach using JavaScript run in a victim s browser 1 Modems impacted by Cable Haunt give remote attackers full kernel level 1 control over the cable modem allowing them to potentially 4 Modify or install new firmware on the modem Change the modem s DNS server to redirect outbound traffic Enlist the modem in a Distributed Denial of Service attack DDoS Modify the modem MAC address or serial number Disable patching and updating functions Use a man in the middle attack to skim dataMost home and small businesses obtain their cable modems directly from their Internet service providers ISPs In situations where ISPs control the patching and firmware updating processes subscribers must wait for cable providers to receive updated firmware from manufacturers and push it down to each individual modem Cable companies were initially slow to respond to this threat but now are actively working to get updates for customers 5 On January 19 2020 Schrock Innovations a computer repair company based in Lincoln Nebraska released executable programs for x64 Windows systems and OS X systems based on Lyrebirds original JavaScript These programs allowed less technically advanced users the ability to test their own connections Users of the programs were instructed to contact their ISP if their modem was vulnerable in order to increase public pressure for patches to be created in order to address the vulnerability 6 References edit a b c CVE 2019 19494 Common Vulnerabilities and Exposures Retrieved 2020 01 19 CVE 2019 19495 Common Vulnerabilities and Exposures Retrieved 2020 01 19 a b Hundreds of millions of cable modems could be hacked due to Cable Haunt flaw Tom s Guide January 14 2020 Retrieved 2020 04 26 Cimpanu Catalin January 10 2020 Hundreds of millions of cable modems are vulnerable to new Cable Haunt vulnerability ZDNet Retrieved 2020 01 19 Cable Haunt Bug Plagues Millions of Home Modems threatpost com Retrieved 2020 01 19 Schrock Thor Cable Haunt Retrieved 2020 01 19 Further reading editDunn John E 14 January 2020 Cable Haunt vulnerability exposes 200 million cable modem users Naked Security by Sophos Retrieved 11 April 2020 Nichols Shaun 10 January 2020 Hundreds of millions of Broadcom based cable modems at risk of remote hijacking eggheads fear theregister co uk Retrieved 11 April 2020 Cimpanu Catalin 10 January 2020 Hundreds of millions of cable modems are vulnerable to new Cable Haunt vulnerability ZDnet Retrieved 10 June 2020 Retrieved from https en wikipedia org w index php title Cable Haunt amp oldid 1115674428, wikipedia, wiki, book, books, library,
