Halloween came early for the cable technology world in January, when four Danish internet security researchers identified “Cable Haunt,” a security flaw affecting more than 200 million cable modems equipped with Broadcom chips in Europe alone.
The Cable Haunt vulnerability is focused on the spectrum analyzer, a standard component of Broadcom silicon that protects modems from signal surges and other disturbances piped in by the coax.
The spectrum analyzer is often used by internet service providers for debugging and improving connection quality. Access to it is typically limited to connections originating within the managed network.
Researchers at Danish firm Lyrebirds said the Broadcom chipset’s spectrum analyzer is vulnerable because it uses default credentials and lacks protection against denial of service-based “rebinding attacks.” They also said the chipset contains a firmware programming error.
Hackers could exploit the vulnerability and get users to accept malicious web pages, researchees said. Once that’s done, hackers could change default domain name system (DNS) servers; conduct remote man-in-the-middle attacks; swap code and change firmware, config files and MAC addresses; and do other evil things.
The vulnerability is widespread, they added. “The reason for this, is that the vulnerability originated in reference software, which have seemingly been copied by different cable modems manufacturers, when creating their cable modem firmware,” the researchers said on cablehaunt.com, a website they set up to publicize the issue. “This means that we have not been able to track the exact spread of the vulnerability, and that it might present itself in slightly different ways for different manufacturers.”
The group also published a white paper accessible on the site. They hope that ISPs and other tech firms release firmware updates and patch any vulnerabilities.
Broadcom said it released several firmware fixes last year. Others have released fixes, too. Meanwhile, ZDNet, which had engineers probe the vulnerability, described an attack using Cable Haunt as being “very hard to pull off.”