A group of security researchers found implementation errors in Broadcom chips built into cable modems that are used by a number of US and European pay TV operators. The group named the flaw “Cablehaunt.”
Broadcom issued a software fix in May 2019, but pay TV operators should check that the fix has been incorporated into the software updates delivered to end users of these devices.
At the time of this article, cable modem manufacturers impacted by this situation were listed as ARRIS (CommScope), Compal, Humax, Netgear, Sagemcom, SMC, Technicolor (Cisco), and Zoom.
Operators that have deployed these devices include Comcast/Xfinity (US), Cox (US), Claro (Colombia), Kabelplus (Austria), R Cable (Spain), Charter/Spectrum (US), Net Claro (Brazil), Ziggo, RCN (US), WOW! (US), and others.
According to the Cablehaunt group, the following consumer exploits are possible:
- Change default DNS server
- Conduct remote man-in-the-middle attacks
- Hot-swap code or even the entire firmware
- Upload, flash, and upgrade firmware silently
- Disable ISP firmware upgrade
- Change every config file and setting
- Get and Set SNMP OID values
- Change all associated MAC Addresses
- Change serial numbers
- Be exploited in a botnet
Read the backgrounder from the Cablehaunt group, which includes a technical report and proof-of-concept programs for video and broadband providers that have deployed these devices.
Why it’s important
This situation is specific to pay TV operators and broadband service providers who deliver video over broadband access as a primary or secondary service. Many of these exploits can be used to expose content libraries to piracy, in addition to exposing end users to these and other risks.