Hundreds of millions of Broadcom-based cable modems at risk

For discussions about security.
belham2
Posts: 1715
Joined: Mon 15 Aug 2016, 22:47

Hundreds of millions of Broadcom-based cable modems at risk

#1 Post by belham2 »

Is this a form of journalism/news reporting (or whatever we want to call it) gone too far?

https://www.theregister.co.uk/2020/01/1 ... erability/

Hundreds of millions of Broadcom-based cable modems at risk of remote hijacking, eggheads fear.
It's got a name and logo so it's serious, you guys.

By Shaun Nichols in San Francisco 10 Jan 2020 at 23:18

A vulnerability in Broadcom's cable modem firmware has left as many as 200 million home broadband gateways in Europe, and potentially more worldwide, at risk of remote hijackings.

Four Danish researchers have demonstrated how a miscreant could exploit the hole, CVE-2019-19494, in the wild: essentially, a victim is tricked into opening a webpage or similar containing malicious JavaScript. This code subsequently connects to the web server built into the vulnerable modem on the local network. The script then alters the contents of the modem's processor registers, by overwriting the stack, to redirect execution to malware smuggled in with the request.

At that point, the code can attempt miscreant-in-the-middle attacks, manipulate the firmware, change DNS settings to redirect connections to phishing pages, snoop on traffic, launch distributed denial-of-service assaults, and so on. A DNS rebinding technique is needed during the infection to bypass browser security mechanisms. This involves the script connecting to what the browser thinks is a legit internet-facing system, but the address actually resolves to the local IP address for the modem.

The end result, the team says, is that crooks can remotely take over vulnerable Broadcom-based cable modems without netizens or ISPs realizing; the victim simply has to surf to a dodgy website, or similar. The method is a little fiddly to pull off, we note, so crooks may not bother with it.

Dubbed Cable Haunt, and accompanied with a logo, for marketing purposes, the flaw was found by Alexander Dalsgaard Krog, Jens Hegner Stærmose, and Kasper Kohsel Terndrup from security company Lyrebirds, along with indie researcher Simon Vandel Sillesen.

"The attack can be executed by having the victim run malicious JavaScript," the team explained. "A common avenue of attack would be a link that is opened in a browser, but could for example, also be done through ads on a trusted website or insecure email clients."

The modem's spectrum analyzer tool, which is part of the Broadcom-supplied stack, is exploited as part of the attack to gain code execution: a specially crafted JSON payload sent to the software can overwrite the CPU registers, leading to arbitrary memory manipulation and code execution.

At this point, it's game over for the modem. An attacker can do pretty much anything they want.

The team said the vulnerability affects cable modems using chipset designer Broadcom's software running on the open-source Embedded Configurable Operating System (eCos), and fear that in Europe alone as many as 200 million modems may be vulnerable, though they are not certain.

"The reason for this, is that the vulnerability originated in reference software, which have seemingly been copied by different cable modems manufacturers, when creating their cable modem firmware," the crew explained. "This means that we have not been able to track the exact spread of the vulnerability, and that it might present itself in slightly different ways for different manufacturers."

Broadcom has yet to respond to a request for comment on the report. You can find a list of known affected broadband gateway models here: https://cablehaunt.com/
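The DNS rebinding step the article describes (a public hostname whose answer resolves to the modem's LAN address) is exactly what resolver-side rebind protection exists to block. The filter below is an added example written for this thread, not code from The Register, Lyrebirds or any modem vendor; the allowlisted internal zones and the sample answers in the test are constructed for illustration.

```python
import ipaddress

# Address ranges that a name on the public internet should never resolve to.
# Explicit networks are used instead of ipaddress.is_private because Python
# also treats the documentation ranges (e.g. 203.0.113.0/24) as private.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",      # loopback, link-local, "this"
    "::1/128", "fe80::/10", "fc00::/7", "::/128",      # IPv6 equivalents
)]

# Constructed allowlist of internal zones that legitimately answer with LAN
# addresses (same idea as a resolver's rebind-domain-ok setting).
REBIND_OK_ZONES = ("lan", "home.arpa")


def is_internal(addr):
    """True if addr (IPv4 or IPv6 string) lies in a LAN-only range."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def in_allowed_zone(qname):
    """True if qname belongs to one of the allowlisted internal zones."""
    labels = qname.rstrip(".").lower().split(".")
    for zone in REBIND_OK_ZONES:
        zl = zone.split(".")
        if len(labels) > len(zl) and labels[-len(zl):] == zl:
            return True
    return False


def flag_rebinding(qname, answers):
    """Return the A/AAAA answers that would point a public name at the LAN.

    An empty list means the response is safe to hand to the client.
    """
    if in_allowed_zone(qname):
        return []
    return [a for a in answers if is_internal(a)]


def filter_answers(qname, answers):
    """Drop rebinding answers, as a protective resolver would, keep the rest."""
    bad = set(flag_rebinding(qname, answers))
    return [a for a in answers if a not in bad]
```

The same check can be applied to the browser's view of the world: a local-network web service that rejects requests whose Host header is not its own address defeats the rebinding step even when the resolver does nothing.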

6502coder
Posts: 677
Joined: Mon 23 Mar 2009, 18:07
Location: Western United States

#2 Post by 6502coder »

Well, at least this ZDNET article includes a more calm-headed risk assessment:

https://www.zdnet.com/article/hundreds- ... erability/
One point of emphasis the ZDNet team wants to relay about Cable Haunt is that this attack is extremely complex to pull off, primarily because the vulnerable spectrum analyzer component is only available on the cable modem's internal network, and not directly exposed to the internet.

Exploiting Cable Haunt requires that an attacker go through several hoops in a multi-step process, which makes this attack highly improbable ever to be used by botnet operators. However, the attack is not out of the range of a determined attacker looking to compromise a high-value target.

All in all, it's clever research, but your cable modem will most likely get hacked because you forgot to change its default password or is vulnerable to other security flaws that are directly exploitable from the internet because you forgot to update its firmware.

s243a
Posts: 2580
Joined: Tue 02 Sep 2014, 04:48

#3 Post by s243a »

6502coder wrote:Well, at least this ZDNET article includes a more calm-headed risk assessment:

https://www.zdnet.com/article/hundreds- ... erability/
One point of emphasis the ZDNet team wants to relay about Cable Haunt is that this attack is extremely complex to pull off, primarily because the vulnerable spectrum analyzer component is only available on the cable modem's internal network, and not directly exposed to the internet.

Exploiting Cable Haunt requires that an attacker go through several hoops in a multi-step process, which makes this attack highly improbable ever to be used by botnet operators. However, the attack is not out of the range of a determined attacker looking to compromise a high-value target.

All in all, it's clever research, but your cable modem will most likely get hacked because you forgot to change its default password or is vulnerable to other security flaws that are directly exploitable from the internet because you forgot to update its firmware.
A botnet could exploit this but it would first need to get access to a privileged process in one's private network. Therefore, it would be a secondary attack vector after a partial footing in the network is gained.
Find me on minds (https://www.minds.com/ns_tidder) and on pearltrees (https://www.pearltrees.com/s243a/puppy-linux/id12399810).

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#4 Post by Flash »

How can you tell if a cable modem is Broadcom-based?
