600,000 Arris Cable Modems Have 'Backdoors In Backdoors,' Researcher Claims

An anonymous reader writes: A security researcher using Shodan to probe Arris cable modems for vulnerabilities has found that 600,000 of the company's modems not only have a backdoor, but that the backdoor itself has an extra backdoor. Brazilian vulnerability tester Bernardo Rodrigues posted that he found undocumented libraries in three models, initially leading to a backdoor that uses an admin password disclosed back in 2009. Brazilian researcher Bernardo Rodrigues notes that the secondary backdoor has a password derived in part from the final five digits from the modem's serial number. However, the default 'root' password for the affected models remains 'arris.'

Re:Nothing to see here...

[Alwin+Henseler]

Ehm.. a backdoor doesn't program itself and then ends up in firmware because of a 'programming mistake', or because 'corners were cut'. For whatever reason it was done, a backdoor has to be intentionally put there.

That automatically turns "incompetent" into "malicious". Unless end-user was informed of the presence of said backdoor and the reason(s) for its existence, and was okay with that. Which of course is never the case.