CATEGORIES
home News

Yo Dawg! 600K Arris Cable Modems Exploitable With 'Backdoor Within A Backdoor'

by Rob WilliamsSaturday, November 21, 2015, 03:00 PM EDT

Backdoor Within A Backdoor

We've talked lots in the past about vulnerabilities that hit home and enterprise routers, but not quite as much about cable modems, where the importance of good security is arguably even more paramount. The reason for that is that most often, customers do not have control over the firmware in such devices. If a vulnerability is found and patched, it's up to the ISP to issue it, automatically. As you might imagine, this could lead to some serious problems if your ISP isn't too on top of things.

A great example of this is brought forth by security researcher Bernardo Rodrigues. He found that with a series of Arris cable modems, a backdoor exists within a backdoor - a rather interesting discovery, to say the least. Ultimately, that second backdoor is tied to one that has been known about for a while, dubbed "Password Of The Day".

Some Arris cable modems have a backdoor that's protected by a password that changes once per day. This password is generated in such a way that anyone who knows how it works will always be able to get in on any given day. After accessing a modem this way, Bernardo found a link to a "tech_support_cgi" file that could be accessed through a Web browser. This page shows a password prompt along with various switches that can be toggled, including SSH and Telnet. The password for this is generated in a similar manner as the first, but involves the last five digits of the device's serial number.

While the process of finding this password isn't being revealed, an internal key generator tool has been created that will generate the correct password simply by typing in the unit's serial number. If you want to see the attack in action, you can do so with the video below.

It's hugely recommended that you listen to the video with audio, as you'll be treated to some excellent chiptune music. If you ever downloaded a keygen like this in the late 90s or early 00s, you'll probably feel a bit of a nostalgia hit. Regarding this keygen, Bernardo writes: "In order to write a Keygen, we need a leet ascii art and a cool chiptune. The chosen font was ROYAFNT1.TDF, from the legendary artist Roy/SAC and the chiptune is Toilet Story 5, by Ghidorah."

It's great to see that some security researchers have such a great sense of humor, even when it revolves around something that's really not that funny. It's noted in the article that up to this point, Arris hasn't commented on the vulnerability, and that confidence is high about the fact that there have been people out there exploiting this vulnerability for quite some time.

We'll see if that changes now that the cat is truly out of the bag.

Tags:  security, Router, Enterprise, vulnerability, exploit, modem
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment