Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Wireless ISP Modems Plagued by Serious Vulnerabilities

Researchers have analyzed several wireless modems offered by Internet service providers (ISPs) worldwide to customers and discovered that they are plagued by many serious vulnerabilities.

Researchers have analyzed several wireless modems offered by Internet service providers (ISPs) worldwide to customers and discovered that they are plagued by many serious vulnerabilities.

Over the past year, security research company SEARCH-LAB has analyzed the modems offered to customers in Hungary by Liberty Global-owned telecommunications services provider UPC Broadband, including Ubee, Technicolor, Cisco, Hitron and Compal devices. Experts pointed out that these modems are used by ISPs from all over the world.

Researchers spent between three hours and two weeks manually analyzing Ubee EVW3226, Technicolor TC7200, Cisco EPC392, Hitron CGNV4 and Compal CH7465LG modems. A total of 58 serious vulnerabilities have been discovered in these products as a result of the investigation, including many weaknesses that allow attackers to gain administrator access to devices, make configuration changes, or execute arbitrary code.Compal Modem vulnerabilities

The list of bugs includes insecure session management, authentication bypass, command injection, information disclosure, buffer overflow, CSRF and default password issues. Forty of the flaws have been found in Compal modems, on which researchers spent two weeks as part of a pilot project commissioned by Liberty Global.

Most of the targeted devices were only analyzed for three hours and just a handful of vulnerabilities have been found. However, SEARCH-LAB told SecurityWeek that a larger number of issues would have likely been identified if more time had been spent analyzing these modems.

One of the most serious problems discovered by researchers is related to the use of default Wi-Fi passphrases. Experts determined that the password could be brute-forced on Ubee, Technicolor and Cisco devices in just a few seconds as it was generated based on easily obtainable data, such as serial numbers and MAC addresses.

The vulnerabilities found by SEARCH-LAB have been reported to Liberty Global, which notified the device manufacturers. Some of the problems have been addressed, while others, such as the default passwords, are more difficult to resolve, especially since the information is in many cases printed on the devices.

SEARCH-LAB is currently conducting a wardriving experiment in Hungary to determine how many users still rely on default passwords even after repeated warnings from the ISP.

“A proof-of-concept application was also developed to demonstrate that the home Wi-Fi networks that are operated by these devices are easily attackable from the street by wardriving,” SEARCH-LAB researcher Gergely Eberhardt told SecurityWeek.

“What made the situation even worse; we discovered that after taking over the control on the attacked Wi-Fi devices and were able to execute our own code on them, we gained access not just to the local home networks, but though the internal network of the ISP we gained access to other home routers too,” Eberhardt explained.

Related: LG NAS Devices Exposed to Remote Attacks

Related: Wi-Fi Flaw Exposes Android Devices to Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6...

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Mobile & Wireless

Chinese tech giant Huawei patched nearly 300 vulnerabilities in its HarmonyOS operating system in 2022.