Cable Haunt: millions of Broadcom modems could be at risk of hacking

Some of Broadcom’s cable modems ship with flawed firmware, which could leave more than 200 million homes vulnerable. Four Danish researchers, Alexander Dalsgaard Krog, Jens Hegner Stærmose and Kasper Kohsel Terndrup (from Lyrebirds) and freelancer Simon Vandel Sillesen, uncovered CVE-2019-19494, a flaw that could enable man-in-the-middle attacks, information theft, communications eavesdropping, DDoS attacks and so on.

“The cable modems are vulnerable to remote code execution through a web-socket connection, bypassing normal CORS and SOC rules, and then subsequently by overflowing the registers and executing malicious functionality. The exploit is possible due to lack of protection proper authorization of the web-socket client, default credentials and a programming error in the spectrum analyzer,” the researchers explained.

“These vulnerabilities can give an attacker full remote control over the entire unit, and all the traffic that flows through it, while being invisible for both the user and ISP and able to ignore remote system updates.”
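The researchers' point about the web-socket client not being properly authorized comes down to checks the device's server has to make itself, since browsers do not apply the same-origin policy to WebSocket connections. The following added sketch (not code from the researchers or from any modem firmware) shows such a handshake check in Python; the address, path, credential pairs and function names are constructed for illustration.

```python
import base64
import binascii
import hmac

# Constructed values for illustration; none come from real modem firmware.
ALLOWED_ORIGINS = {"http://192.168.100.1"}            # the device's own UI
FACTORY_DEFAULTS = {("admin", "admin"), ("admin", "password")}

def parse_headers(raw: str) -> dict:
    """Header block of an HTTP upgrade request as a lowercase-keyed dict."""
    headers = {}
    for line in raw.split("\r\n")[1:]:
        if not line:
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def check_handshake(raw: str, user: str, password: str) -> tuple:
    """Decide whether to accept a WebSocket upgrade; returns (ok, reason)."""
    if (user, password) in FACTORY_DEFAULTS:
        return False, "factory-default credentials still configured"
    h = parse_headers(raw)
    if h.get("upgrade", "").lower() != "websocket":
        return False, "not a websocket upgrade"
    # Browsers do not apply the same-origin policy to WebSockets; they only
    # report the page's origin, so the server has to enforce it itself.
    origin = h.get("origin")
    if origin is not None and origin not in ALLOWED_ORIGINS:
        return False, "origin not allowed"
    scheme, _, token = h.get("authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return False, "no credentials"
    try:
        supplied = base64.b64decode(token, validate=True)
    except binascii.Error:
        return False, "malformed credentials"
    if not hmac.compare_digest(supplied, f"{user}:{password}".encode()):
        return False, "wrong credentials"
    return True, "accepted"

def sample_request(origin: str, user: str, password: str) -> str:
    """Build a constructed upgrade request for the demo below."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return ("GET /ws HTTP/1.1\r\nHost: 192.168.100.1\r\nUpgrade: websocket\r\n"
            f"Connection: Upgrade\r\nOrigin: {origin}\r\n"
            f"Authorization: Basic {token}\r\n\r\n")

if __name__ == "__main__":
    for origin in ("http://192.168.100.1", "http://untrusted.example"):
        req = sample_request(origin, "admin", "S3t-by-owner")
        print(origin, check_handshake(req, "admin", "S3t-by-owner"))
```

A request carrying valid credentials is still refused when it comes from a page on another origin, and a device left on a factory-default pair refuses every connection until the owner changes it.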

While the problem is clearly widespread, the researchers said it’s difficult to get a precise estimate of Cable Haunt’s reach. “The reason for this is that the vulnerability originated in reference software, which has seemingly been copied by different cable modem manufacturers when creating their cable modem firmware,” the researchers said on their website.

“This means that we have not been able to track the exact spread of the vulnerability and that it might present itself in slightly different ways for different manufacturers.”

The good news is that most Scandinavian Internet service providers (ISPs) report that they have already patched the affected devices, while the team responsible for the discovery has set up a dedicated Cable Haunt website for users to track developments.