Hackers Casually Discover 26 Significant Vulnerabilities in ISP Provided Devices and Your Home Network
What do hackers do when they’re not occupied with breaching firewalls, compromising your personal data, and otherwise violating laws? Why, they gather together to have a party, of course! Hacker conventions are where they share news and ideas, discuss achievements and perhaps plan for world domination (though probably not). Such events are a great place for anyone concerned with internet security to watch for potential threats and newly found gaps in defenses.
One of the oldest annual hacker conventions is called DEF CON, and it has recently been held for the 25th time. There was a lot to see there, but today we’d like to tell you about a single talk by the Bastille team, “CableTap: Wirelessly Tapping your home network”. It provided an interesting insight into a grim reality: home networks are much more vulnerable than is often assumed.
Abstract of the report
Bastille is a hacker team that specializes in finding security holes in our everyday electronic devices. This time, their research covered ISP-provided set-top boxes and wireless gateways. As a result, they discovered a vast number of critical vulnerabilities that made it possible to wirelessly and remotely tap any voice and internet traffic passing through an affected gateway. Estimates show that tens of millions of US ISP customers could have been impacted.
So how exactly does this hack work? Well, Bastille took a different approach for each device, ranging from exploiting vulnerabilities in old systems to reverse-engineering password-generation algorithms. For example, they used brute-forcing to break the radio-frequency pairing of Comcast's voice controls. This lays the groundwork for possible attacks on Xfinity devices.
Another significant discovery concerns the Reference Development Kit (RDK), which turned out to be used by numerous ISPs in their set-top boxes and cable modems. The thing is, RDK is an open-source platform, which means anybody can see its vulnerability fixes months before they are actually deployed to customers’ devices. Effectively, any fix is public knowledge months before it actually gets built into your set-top box.
The Bastille team provided a list of devices that were tested and proved vulnerable. However, since they obviously couldn’t test every device on the market, it is highly possible that other devices are also vulnerable to this hack. The list is:
- Cisco DPC3939 (gateway)
- Cisco DPC3939B (gateway)
- Technicolor DPC3941T (gateway)
- Technicolor TC8717T (gateway)
- Motorola MX011ANM (set-top box)
- Xfinity XR11-20 (voice remote)
Considering the ubiquity of the mentioned networks, it’s a wonder their owners didn’t conduct similar research long ago. Luckily for their users, Bastille proved admirably law-abiding. They contacted the companies in question months before announcing the research results to the public. As a result, the vendors have had enough time to hotfix the vulnerabilities and close this gap.
A statement from Comcast says “We have made a number of updates to our software and systems to prevent the issues Bastille identified from impacting Comcast customers”. They also added that “Bastille has confirmed that these updates work, and that the attack chains the company described in this paper can no longer be used”.
Quite surprisingly, there were no reports of these issues being used against ISP customers. And now that most of the discovered vulnerabilities have been patched, you should be safe from them. Just make sure your device has downloaded its updates properly.
Do you use the affected devices? Would you be concerned to know that they can be breached so easily? Tell us in the comments below!