Leave a comment

600,000 modems have a security flaw

600,000 modems have a security flaw
Photo courtesy of Shutterstock

When you got cable Internet, you probably set up the provided cable modem, stashed it at the back of a desk and haven't given it a thought since. There are some reasons you should, however, such as saving a bundle of money.

It also turns out that cable modems have security problems just like everything else. A Brazilian researcher named Bernardo Rodrigues found a major flaw in three Arris models that use firmware ARRIS TG862A. In the U.S., Arris modems are sold under the Motorola brand.

These modems already have a known backdoor that allows Internet service providers to log in and make changes. If your ISP didn't change the defaults on this backdoor, then hackers can easily get into the hidden technical support menu. For there, they can enable telnet and SSH, which are remote access services.

This is where the newly discovered flaw comes in. To remotely connect via telnet or SSH, you have to know the password. However, Rodrigues discovered that in addition to whatever password the ISP set, there's a backdoor password that's based on the last five digits of the router's serial number.

Figuring out that password gives the hacker total control of the modem, which could let them redirect your Internet traffic to malicious servers and sites. And unlike a computer viruses or router virus, there's no way to detect or stop it. You'll need to do a full factory reset with the help of your ISP.

Rodrigues has let the manufacturer know and it says it's working on a fix. However, when that will be out is anyone's guess. Even after it's released, it's up to the ISPs to push it out to your modem.

On the plus side, Rodrigues hasn't disclosed how he gets the backdoor password, so hackers probably don't know it yet. Plus, the hacker would need to know your modem's serial number, which isn't easily available.

Still, if you have an Arris or Motorola modem it might be good to occasionally check with your ISP to see if there's upgraded firmware available.

Next Story
Source: The Register
View Comments ()
Celebrate Windows 30th with 10 cent apps
Previous Happening Now

Celebrate Windows 30th with 10 cent apps

Yahoo could block your email if you do this one thing
Next Happening Now

Yahoo could block your email if you do this one thing