
Major vulnerability in virtually all cable TV modems

  • 18-01-2020 12:10pm
    #1
    Registered Users Posts: 1,667 ✭✭✭


    A new malware has been discovered, which if used can allow anybody in the world to get into your cable modem and into your connected computer systems and read data, encrypt the data and ask you for bitcoin to decrypt the data, and stop your phone system. It can also lock your cable company out of updating the firmware on the modem to fix the bug. Really nasty stuff.

    https://cablehaunt.com. A Danish researcher has created an entire website on this one issue.

    Video: https://youtu.be/STWo0iMqSTs?t=5745

    Mod : Snip


Comments

  • Moderators, Education Moderators Posts: 2,604 Mod ✭✭✭✭horgan_p


    I think you're blowing this up a little bit. That isn't to say this isn't serious.
    This is a vulnerability on your cable modem. Not Windows. You can do some bad stuff (DNS redirects, lock out network and WiFi etc), but you need to leverage a further vulnerability to access a machine.

    To be affected you need to go to a malicious website or click on a malicious advert.
    This in and of itself will not infect your machine with ransomware.


    It's also a bit much to accuse Virgin Media of gross negligence. This is a bug in the firmware from the manufacturer. VM don't manufacture their boxes. If VM don't issue a warning or if they don't contact customers once a fix has been found, then it's a different story.


  • Moderators, Home & Garden Moderators, Technology & Internet Moderators Posts: 24,789 Mod ✭✭✭✭KoolKid


    Post edited. Please refrain from such wild accusations.


  • Posts: 0 [Deleted User]


    From the website:

    Cable Haunt is exploited in two steps. First, access to the vulnerable endpoint is gained through a client on the local network, such as a browser. Secondly the vulnerable endpoint is hit with a buffer overflow attack, which gives the attacker control of the modem.

    The first step starts on the local network. So the attacker has to already be on the inside of the network to launch the attack.

    In the words of Catherine Tate, Am I bovvered?


  • Closed Accounts Posts: 1,862 ✭✭✭un5byh7sqpd2x0


    From the website:

    Cable Haunt is exploited in two steps. First, access to the vulnerable endpoint is gained through a client on the local network, such as a browser. Secondly the vulnerable endpoint is hit with a buffer overflow attack, which gives the attacker control of the modem.

    The first step starts on the local network. So the attacker has to already be on the inside of the network to launch the attack.

    In the words of Catherine Tate, Am I bovvered?

    And from the OP....
    "A new malware has been discovered, which if used can allow anybody in the world to get into your cable modem and into your connected computer systems and read data, encrypt the data and ask you for bitcoin to decrypt the data, and stop your phone system."

    Why would you bother getting "into your cable modem and into your connected computer systems" when you've already pwned something on the inside to exploit the modem vulnerability in the first place?


  • Posts: 0 [Deleted User]


    And from the OP....
    "A new malware has been discovered, which if used can allow anybody in the world to get into your cable modem and into your connected computer systems and read data, encrypt the data and ask you for bitcoin to decrypt the data, and stop your phone system."

    Why would you bother getting "into your cable modem and into your connected computer systems" when you've already pwned something on the inside to exploit the modem vulnerability in the first place?

    Yea. I mean, it's a bit like saying, your car is at risk of theft if you leave your car keys on the hall table.

    Step one, the thief is in your hall
    Step two, he takes the keys and drives off in your car.

