Slashdot Mirror


600,000 Arris Cable Modems Have 'Backdoors In Backdoors,' Researcher Claims (thestack.com)

An anonymous reader writes: A security researcher using Shodan to probe Arris cable modems for vulnerabilities has found that 600,000 of the company's modems not only have a backdoor, but that the backdoor itself has an extra backdoor. Brazilian vulnerability tester Bernardo Rodrigues posted that he found undocumented libraries in three models, initially leading to a backdoor that uses an admin password disclosed back in 2009. Brazilian researcher Bernardo Rodrigues notes that the secondary backdoor has a password derived in part from the final five digits from the modem's serial number. However, the default 'root' password for the affected models remains 'arris.'

4 of 76 comments

  1. Yo Dawg by Anonymous Coward · Score: 4, Funny

    "I heard you like backdoors, so I put a backdoor in your backdoor" ... yeah, I can see why someone hasn't posted this yet.

  2. Re:Nothing to see here... by Alwin Henseler · Score: 3, Insightful

    Ehm.. a backdoor doesn't program itself and then end up in firmware because of a 'programming mistake', or because 'corners were cut'. For whatever reason it was done, a backdoor has to be intentionally put there.

    That automatically turns "incompetent" into "malicious". Unless the end user was informed of the presence of said backdoor and the reason(s) for its existence, and was okay with that. Which of course is never the case.

  3. Re:Nothing to see here... by JustAnotherOldGuy · Score: 4, Funny

    Ehm.. a backdoor doesn't program itself and then end up in firmware because of a 'programming mistake', or because 'corners were cut'.

    Oh, I don't know...one time I tried to program "Hello world" and accidentally coded a medical billing system with an accounts receivable dashboard.

    --
    Just cruising through this digital world at 33 1/3 rpm...

  4. Not that surprised by tap · Score: 4, Interesting

    I used to work for Arris. But we did the DVR software, which was originally a different company than the people doing the cable modems. The DVR software is a lot more secure than this. There's still a PWOD-protected technician interface, the DVRs are remotely managed devices, but it doesn't let you do anything that would compromise the software. I'd be interested in seeing how someone would hack it. It shouldn't be possible to get a root shell.

    Someone did want to allow the player to pair over wifi automatically to the gateway by having the WPA2-PSK be derived from the device ID. I tried to stress what a terrible idea that was but those were people in a different division who didn't need to listen to me.