The Broadband Guide
SG
search advanced
 Username:
 Password:
Register
 forgot password?

Millions of cable modems vulnerable to easy attack

2016-04-12 02:05 by

 

Security researcher David Longenecker has discovered a security vulnerability in Arris's SB6141 cable modem (recently sold by Motorola), which could prevent users from connecting to the Internet.

This particular modem is used in millions of US households. Comcast, Time Warner Cable, and Charter customers were shipped one of these modems when they first subscribed.

The flaw can allow an attacker with access to the network to remotely reset the device, which deletes the internet provider's settings, causing a denial-of-service attack. Every person and device on the network will permanently lose access to the internet until the modem owner contacts their internet provider.

Clicking on a disguised link on a website or in an email can cause a service interruption. According to Longenecker, the problem stems from the Web-based administration interface of the modem (going to 192.168.100.1 in a browser). No login or password is required to access it. Once an attacker has accessed the modem's settings, he or she can restart the modem.

There's no fix at the moment.

"The simplest solution would be a firmware update such that the web [user interface] requires a username and password before allowing disruptive actions such as rebooting or resetting the modem, and that validates that a request originated from the application and not from an external source," he said.

Arris said that it recently addressed the access issue with a firmware update.

"We are in the process of working with our Service Provider customers to make this release available to subscribers," said the spokesperson. "There is no risk of access to any user data and we are unaware of any exploits."

Read more -here-

 

  Post your review/comments
    rate:
   avg:
comment discuss top
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About