Researcher: 600,000 Arris Cable Modems Have “Backdoors In Backdoors”

Megalith

Yo dawg, I heard you’re scared of backdoors, so…

During analysis of the backdoor library and the restricted shells, Rodrigues found that a backdoor had been put in the backdoor. Rodrigues says that the undocumented backdoor password is based on the final five digits from the modem’s serial number. After logging in on Telnet/SSH with these passwords, a full busybox shell is the result. Rodrigues concludes that he is “pretty sure” that these flaws on the devices have been exploited for some time.
 
So is there a list of cable modems that are affected?

I say as I peek behind my monitor at my Arris cable modem.
 
http://www.kb.cert.org/vuls/id/419568

The following models have been reported as being vulnerable to all three vulnerabilities:

TG862A
TG862G
DG860A


The following firmware versions were reported as being vulnerable:

TS0705125D_031115_NA.MODEL_862.GW.MONO
TS0705125_062314_NA.MODEL_862.GW.MONO
TS070593C_073013_NA.MODEL_862.GW.MONO
TS0703128_100611_NA.MODEL_862.GW.MONO
TS0703135_112211_NA.MODEL_862.GW.MONO


Additional models and firmware versions may also be affected.
 
When I checked my TG862G's firmware version it states 7.5.63C. I'm confused as it reads nothing like the firmware versions mentioned above.
 
Never mind, found the firmware name and it's none of the mentioned ones. I might be safe.
 
Consequence of making hardware that is built for the lowest common denominator of support techs, so that cable companies get away with paying the lowest amount of money they feel they can get away with.
 
Seems like there's lots of knowledge you have to have up front to use this backdoor. Have to know the password of the day (it changes every day and is set by the ISP) and have to know the last 5 digits of the S/N. How easy is it to get that information?
 