The 2020 Biggest Vulnerabilities Have Already Been Identified
A brand new year, so full with promise! Even though it’s a new decade, we are certainly past the point where vendors ship software and hardware with vulnerabilities! However, such hope is futile. We are now only two months into the project and security vulnerabilities have already fallen. These three major vulnerabilities are not something you need to know if you don’t wear a white hat.
Cable Haunt
Windows RDP Bug
Citrix VPN Bug
They might be the biggest of the year. We will only know when that happens. Let’s take a look at what’s been happening and how we can help keep our systems safe.
Cable Haunt: A Major Cable Modem Vulnerability
The announcement of a vulnerability in a cable modem was the start of the year. Your ISP usually provides cable modems when you sign up to cable internet at home or work. The modem connects to your coax cable jack. Next, you plug your router into it. Important: The modem is directly in front of your router so there is no firewall between it, the internet, and the modem. Although routers have had issues in the past it is now a different story.
This is usually not an issue since the modem is managed by the ISP. The ISP requires full access to push firmware updates, config changes, and other necessary information to the modem.
Learn how to become a security expert with SPOTO’s Cybersecurity Training
Start training Cable Haunt was disclosed by researchers in Denmark in January. This vulnerability was discovered on certain Broadcom chipset-equipped cable modems. The vulnerability is caused by a spectrum analyzer service that runs on the modem. This service can be used to detect interference in the modem’s internet connection and help tech support to resolve slow service issues. This server can be accessed via the internet. It is usually secured with default credentials such as username “spectrum”, and password “spectrum”. Researchers were able access some modems with no authentication. D’oh.
What does Cable Haunt Do?
Malicious code will attempt to access spectrum analyzer via the internet or your browser via Javascript. If it succeeds, it will attempt to cause a remote buffer overload on the server. RBO’s are a whole topic unto themselves. But what you need to know about them is that if they succeed, an attacker can run any code on the server.
What does it do to take over a modem? It does quite a lot. Malicious actors can use the Crash Haunt vulnerability to rewrite DNS requests to launch man-in-the middle attacks. They can even steal any unsecured data that is coming into or out of the network. One of our favorite options is to join your modem to a botnet bent upon world dominance — or just for spam emailing and bitcoin mining. There are many nefarious options.
We mentioned Broadcom. This is where responsibility for patching begins to become grey. Broadcom’s original reference code contained the exploit. Researchers claim that they reported the vulnerability to Broadcom. Broadcom responded a few months later, stating that the problem had been fixed. Broadcom’s code was used to create firmware updates for modems. Then it was up to modem manufacturers to release the updates. THEN, it’s up the ISPs and customers to test the firmware and push it to their modems. We wish you all the best in seeing this resolved in the wild.
How to Protect Yourself from the Cable Haunt
Start with the make and model of your modem. Researchers only know of a few affected models. They maintain a list on their website (scroll down the FAQ, expand the “Am i Affected?” section). Scroll down to “Vulnerable Modms” section. If you are in this category, your ISP shouldn’t require you to use their modem. Any modem that meets or exceeds the requirements of
