Cable Modem Hackers Release Improved Firmware

FatCat writes "SecurityFocus has a story about a group of hardware and software hobbyists specializing in embeddded systems who've released their own custom firmware for Motorola Surfboard cable modems. The firmware lets you log in to an interactive VxWorks shell, or issue commands from a Web browser through an http interface. You load it by tapping an undocumented console serial port on the circuit board. So far, uncappers are apparently the primary consumers, and they're downloading up to 400 copies a day."

Loss of service

[mpost4]

I would think that doing this could put one in dangar of lossing their service. I this more then likely is a violation of the TOS of most cable ISP's and when you violate a contract( TOS's are contracts of a form ) you void it, so then the cable company is not obligated to server you any more. Is the promise of high speed you don't pay for (theft) worth the lose of service, and posable legal action?

Re:Loss of service

[garcia]

I worked for ATTBI before they were swallowed up by Comcast. I still have an ATTBI hostname...

When the first round of "cable modem uncapping" documents started floating around to the masses I found plenty of open tickets that had been forwarded to the "legal department" for possible action. Most people had uncapped their modems to 10mbit/10mbit.

Apparently they had a script that ran that checked for this as they had quite a few open tickets all over the place. I guess it was not hard to find.

They would disable your modem, forcing you to power-cycle it. Then your modem would download a new, correct, config file. If they found that you were AGAIN in violation you were terminated.

Some people did not lose their service but most did.

Re:confused

[Pyro226]

I used dialup for years and NEVER had to worry about messing with my modem to uncap it. My connection was burstable and had absolutely no cap!

This is not actually true; "56k" modems are actually capped at 53k due to FCC regulations. I looked quickly on google and I couldn't figure out why they are capped and it doesn't really matter because almost no-one has a high enough quality phone line to get this rate. But there could be some dial-up hackers out there trying to get an illegal 3k.

Doesn't sound wise..

[stratjakt]

Could the cable company not quickly whip something together to scan all of their subscribers modems, and have a list of uncapped/hacked boxes in their hands within a few minutes, hours tops?

Or even better, can hackers reach this shell from the outside?

Sounds like a good way to lose your service and wind up in court.

This won't last long

[Knightsaber2003]

As soon as someone from Motorola reads this, they'll be popping out new firmware to cable ISP's right quick. It's quite easy for the ISP's to push this out in a night or two. I do it for a living :)

Re:Hmm...

[UID30]

couldn't they just have the system automagically cut off service when the packets start flowing too fast, rather than getting into the legal minefields?

You have obviously lost touch with your inner lawyer. :)

IMHO, the best solution is to alter the terms of all contracts with users (those who wish to cancel service can do so) ... the new contract should have a monetary charge in the order of cents per kilobit per second in excess of whatever the modem cap is. anybody that wants to uncap their modem, therefore, is welcome to do so ... and get a big ass bill the next month.