Minim, a maker of AI-driven WiFi and IoT security software, has announced a new virtual patch to detect and prevent attacks exploiting “Cable Haunt,” a vulnerability affecting hundreds of millions of cable modems around the world with certain Broadcom chips.
“We had to pounce on Cable Haunt,” said Alec Rooney, Minim co-founder and CTO, in a statement. “A pioneering exploit, this DNS rebind attack infiltrates the trusted side of the home gateway— a sacred space in our book. Cable Haunt validates our belief that AI-driven network-level security is the best way to protect connected devices with varying degrees of updatability in homes.”
Cable Haunt was identified by Danish security firm Lyrebirds, which put up a website detailing the flaw.
“Cable Haunt is a critical vulnerability found in cable modems from various manufacturers across the world,” the Lyrebirds site homepage reads. “The vulnerability enables remote attackers to execute arbitrary code on your modem, indirectly through an endpoint on the modem. Your cable modem is in charge of the internet traffic for all devices on the network. Cable Haunt might therefore be exploited to intercept private messages, redirect traffic, or participation in botnets.”
For their part, Minim’s founders say their company was founded as a response to the Mirai Botnet crisis of 2016. Their previous company, internet performance management and web application security company Dyn, was acquired by Oracle in 2016.
“Three years post Mirai, the home edge now has at least one platform to protect against emergent threats,” said Jeremy Hitchcock, co-founder and chairman of Minim and former founder and CEO of Dyn. “Minim offers zero-day protection for a vast security threat to homes and businesses around the world. These protections are table stakes for CPE vendors and service providers. I love what we’re doing.”
Minim reps say the company serves 75 service providers and OEMs. Minim offers a care portal and mobile app to support and protect smart homes. The platform is hardware-agnostic, integrating with customer premises equipment via its open source embedded agent or cloud-based agent.