Arris Cable Modem Hack

 admin

. First major FBI bust of a cable modem hacker, received heavy media attention. Snitched on by Dshocker. Case was dismissed after 6 months without any official reason. Mastadogg snitched on MassModz. TCNiSO.net – DerEngel. Arrested October 2009. Regarded as the “godfather” of cable modem hacking.

Updated 2:55 pm ET with comment from Arris.

If you use an Arris or Motorola broadband modem, router or gateway provided by AT&T, better check your network device's configuration.

Texas-based information-security firm Nomotion has found five serious security flaws that could let hackers take over your network, inject ads into the websites you view and even directly attack devices on your network. The firm is calling the flaws 'SharknAT&To', which should conjure up images of flying sharks to avid watchers of the Syfy cable channel.

The Cable Modems that set the standard. Wired or wireless. Basic or super advanced. Whether you're on a budget or looking for premium performance, ARRIS has you covered. ARRIS has been the industry leader in home internet connectivity since day one. Tom's Guide is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. News; Arris Modems and Routers Have Major Security Flaw. Cable operators deploy services to meet the speed expectations, and trust ARRIS to provide the cable modems that deliver the reliability. Nothing spells 'trust' and 'worry free' like a backdoor account, right?! Anyways, the following was observed on an Arris TG862G cable modem running the following firmware version -TS012MODEL862GW. Mar 12, 2018  I dunno about the guy you’re getting your stuff from but clearly they don’t know what the dark web is and how you can get instructions on how to program boxes to work to get you unlimited free internet. And there’s a great chance you WON’T get cau.

'Prepare to be horrified,' a Nomotion blog posting on SharknAT&To late last week read.

At least one of these flaw seems to affect every Arris or Motorola network device that AT&T gives out to home and small-business users. The most serious flaw affects only the NVG599 and NVG589 VDSL-based gateways that supply 'triple play' phone, internet and TV access.

(Arris took over Motorola's home-networking division a few years ago, and many models may bear either company's brand name. These flaws don't seem to affect the Surfboard line of cable modems that Arris markets directly to consumers, but we've asked Nomotion for clarification.)

What You Need to Do Now

Wondershare dr fone keygen generator. You can fix all these flaws yourself, although some require technical know-how and software tools. Fortunately, the most widespread flaw is the easiest to fix, and we'll show you how. For the rest, please refer to Nomotion's blog posting.

Our requests for comment to both Arris and AT&T were not immediately replied to, but Arris told the Threatpost tech-news blog that it was conducting a full investigation and could not comment further.

MORE: Your Router's Security Stinks: Here's How to Fix It

Every Arris network device — modem, router or gateway device, which combines a modem and router — provided by AT&T that Nomotion tested had a secret firewall bypass on port 49152.

Access was granted by prefacing the device's known MAC address with a secret three-byte code, which a hacker's computer could brute-force in a matter of minutes. (Anything that can connect to the internet has at least one unique MAC address.)

'There is something terribly wrong with this implementation,' said Nomotion in its blog post.

The firewall bypass, which Nomotion refers to as Vulnerability 5, was likely put there for the use of AT&T support technicians. It gives an attacker direct access to all the devices on a home or small-business network.

If you're familiar with the security deficiences of the Internet of Things, you'll know that many smart-home devices have little or no protection against attacks coming from within the local network. Combining Vulnerability 5 with known IoT vulnerabilities could lead to attacks on your smart TV, thermostat, door locks, refrigerator, etc.

To fix this flaw, Nomotion recommends browsing to IP address 192.168.1.254 on a desktop web browser while connected to the local network. (Caveat: Nomotion warns that 'if you choose to proceed, you are doing so at your own risk and liability.')

At that web page, you'll see the network device's configuration interface. Select the NAT/Gaming tab, then scroll down and click the Custom Services button.

Setup

You'll see form fields in which to enter information. In the Service Name field, enter a name of your choice — 'Bypass Block' might be a good one. Enter '49152' into both Global Port Range fields. For Base Host Port, enter '1'. Make sure the Protocol is toggled to TCP/IP. Then click the Add button.

On the next page, make sure your new service is listed under Services, and select it. Then select any one of your existing devices under Needed by Device. That should kill the Port 49152 access problem.

Arris Cable Modem Hack Forum

The most serious flaw of the five affects the Arris/Motorola NVG599 and NVG589 gateways running firmware version 9.2.2h0d83. That firmware update added SSH (secure shell) access with hardcoded credentials of admin name 'remotessh' and password '5SaP9I26'.

Anyone using those credentials can remotely flash new firmware, change the network name and password, change the network settings or even inject ads. Fortunately, Nomotion said only about 15,000 devices worldwide seemed to be vulnerable.

'It is hard to believe that no one is already exploiting this vulnerability at the detriment of innocents,' said Nomotion's blog post.

Arris Cable Modem Hack Sb5100

If you've got one of those two models, and it's running that firmware (check in the admin interface mentioned in the previous flaw's fix), then you've got a little command-line typing to do. Please refer to Vulnerability 1 in the Self-Mitigation section in Nomotion's blog post.

Vulnerabilities 2 and 3 affect the web-server feature on the NVG599 model. It turns out anyone can get administrative access by hitting port 49955 with the username 'tech' and no password. About 220,000 devices seem to be affected, per Nomotion.

Arris Cable Modem Troubleshooting

Vulnerability 4 seems to affect all Arris/Motorola home/small-business network devices distributed by AT&T, according to Nomotion. It gives the attacker the MAC addresses of all devices on the internal network, plus the Wi-Fi password, but the attacker needs to know the serial number of the specific router, modem or gateway being attacked. As such, the threat of exploitation is low.

Arris Cable Modem With Wifi

To fix Vulnerabilities 2 through 4, the user will need to use Burp Suite (it's free) or a similar web-security tool. You'll need to the first, second or third flaws to be able to fix the fourth one. Instructions are provided under Self-Mitigation on Nomotion's blog post.

UPDATE: Arris responded to Tom's Guide's query with this statement: 'We are currently verifying the specifics of the Nomotion security report. Until this is complete, we cannot comment on its details. We can confirm ARRIS is conducting a full investigation in parallel and will quickly take any required actions to protect the subscribers who use our devices.'