Hackers Discover a Major Vulnerability that could Affect More than 200 Million Modems uniccshopru, uniccshopvip

Researchers have recently revealed that there are more than 200 million modems reportedly vulnerable to serious attacks by hackers . According to Lyrebirds researchers, the attackers can lure their victims to malware-infested sites that serve malicious JavaScript code.
From there, they use remote methods to gain access over the
modems, which allow the attackers to change the DNS settings of the modem. The
vulnerability also gives them the invitation to carry out a series of other
nefarious actions in the modem.
Lyrebirds Researchers have called the vulnerability in the
modem Cable Haunt . The vulnerability has been
detected in different types of firmware versions of cable modems, including Netgear
CG3700EMR, Technicolor TC7230, Sagemcom F@st 3686, Compal 7486E, and Compal
7284E.
Since other cable modems contain the spectrum analyzer
server, hackers may also succeed in exploring other models, the researchers
said. Lyrebird’s proof-of-concept attack worked against the Sagemcom F@st 8690
and the Technicolor TC7230 modems. With some changes, the attack code could
also work on other modem models.
According to the Lyrebirds researchers, the vulnerability gives hackers remote access through an endpoint on the vulnerable modem . The researchers explained that the cable modem is responsible for the internet traffic of all devices within the network. As a result, hackers may exploit Cable Haunt to participate in botnets, redirect traffic, and intercept private messages.
The researchers explained that hackers could gain remote
access to the modem in two different ways. The first and simplest way is to use
malicious JavaScript, which enforces automatic connection to the browser.
Generally, a protocol, known as cross-origin resource sharing , stops a web application
from connecting directly to another web application from a different origin.
However, Websockets are not backed by this protocol, which
means that modems are not able to prevent the JavaScript from connecting. This
gives the attackers easy access into the modem to launch their code.
Cable Haunt usually accesses modems via a browser. However, the malicious attack could spring up from any section as the code gets to the IP on the local network. The attack does not work when the susceptible targets use Firefox , because the WebSockets the spectrum analyzer uses is not compatible with the WebSocket the browser uses.
However, it’s still possible for the attackers to attack
remotely through a JavaScript. The JavaScript can be used to scale through the
restrictions through what is usually referred to as a DNS rebinding attack , which changes the DNS tables within
the local network. Since the domain address of the attack’s site is linked to
the IP of the exposed modem, the JavaScript will be able to carry out the
attack successfully.
Apart from the buffer overflow, the attacker is successful
because of the default credentials the attacker utilized to attack the modems.
The default credentials are usually included in the URL the attacker used.
Kasper Tendrup, a Lyrebirds co-founder, pointed out that
the hackers could explore other options and still succeed in the attack.
According to him, the proof-of-concept protocol can use
other methods to work on the modem. However, the attack code has to identify
with the exact memory address of the susceptible code. This is because of the
MIPS assembly memory structure, which runs the spectrum layer.
Cable Haunt utilizes return-oriented programming to scale
through the restrictions placed by the memory structure. It would skim through
the existing codes and develop a patchwork from the code.
After the attacker has succeeded in exploiting the vulnerability , they install a reverse shell by sending commands to the telnet server of the vulnerable modem. After gaining access, the attacker would be able to do a whole lot of things. They would have access to installing an entirely new firmware, changing the DNS settings, as well as screening any encrypted data that comes through the modem. The attacker could have complete control over the modem
Lyrebirds Researchers said that the vulnerability could
affect more than 200 million modems in Europe. According to the researchers,
the attack may also work on several millions of other modems all over the
world.
The worst part is the fact that an average user would not
be able to determine whether their modem is vulnerable. According go the
researchers, it would require them to run POC code against the modem, which is
not feasible for an average user.
uniccshopru uniccshopvip

Author: wpadmin