The modem is always the weak link, and invariably you can't just install OpenWrt because the cable/DSL chipset is some closed-source Broadcom thing.
Popular cable modem vulnerable to remote reboot/reset flaw
Security defence man David Longenecker says millions of users could have their internet connections severed thanks to a flaw in Surfboard SB6141 modems. The soon-to-be-patched cross-site request forgery flaw allows attackers to cut off users from the internet until their modem renegotiates with the ISP and reconfigures itself …
COMMENTS
-
Monday 11th April 2016 02:33 GMT Nate Amsden
more people
With too much time on their hands.
To the prev poster this is for modems. Can't reflash them normally. My modem (Motorola) is not the model listed but am sure is affected. It is basically a layer 2 bridge with a management IP (on a different subnet than my internal subnet but still reachable). My "router" is a Soekris box running OpenBSD.
Though there are probably routers with the same or similar code on them.
-
Monday 11th April 2016 06:31 GMT Tom Samplonius
Re: more people
"My modem (Motorola) is not the model listed but am sure is affected."
Unlikely. Arris and Motorola are bitter competitors in the cable modem market, so it is unlikely they share any code. And over the years, Arris has had some weird ideas about security: Google "arris password of the day".
The issue with password of the day is that some providers have not changed the seed. And even if they have, the seed and the password of the day are too short.
-
Monday 11th April 2016 17:11 GMT joebob2000
Re: more people
Um lol. Motorola sold their cable modem unit to Arris and Motorola were the ones who made the original SB6141 so yes, Motorola-made modems are affected because Motorola made the code that's vulnerable. That being said it's a silly exploit since 99% of ISPs don't require any intervention during a factory reset.
-
Monday 11th April 2016 06:50 GMT Anonymous Coward
Re: more people
What do you mean "can't reflash them normally"? Look up TR-069, even if you change the password your ISP can still get in. I know how to block it in my DSL modem via a hidden TR-069 config page but have chosen not to - even though the modem is like 8 years old I still get several new firmware versions delivered by my ISP each year - presumably to protect against exploits like this that haven't been made public.
-
Monday 11th April 2016 17:11 GMT joebob2000
Re: more people
Modems like the SB6141 (and others affected, the SB6121) don't let the user set a password and they don't let the user change the firmware. They literally only let the user do a soft reset or a factory reset. The ISP decides what firmware runs on the modem, even if it's customer-provided.
-
Monday 11th April 2016 12:54 GMT John Brown (no body)
Strangely...
My cable modem rebooted as I was middle clicking the stories on The Reg front page into new tabs ready for reading. It started with Europe's biggest radiotelescope in fast-burst-finding upgrade and all the subsequent pages.
It's a VM Superhub in modem only mode so it's more likely a VM issue than anything else. Or is it?
Considering the page it first happened on, it might be aliens! On the other hand, it was only El Reg pages. BBC and Google were ok. It's not the first time I've noticed this happen either.
I'm off to buy some tinfoil.