Newly discovered ‘Cable Haunt’ flaw exposes nearly 200 million Broadcom-based modem cables to MITM attacks
- The vulnerability impacts a standard component of Broadcom chips called a spectrum analyzer.
Nearly 200 million cable modems using Broadcom chips are vulnerable to a new vulnerability named Cable Haunt. The vulnerability impacts a standard component of Broadcom chips called a spectrum analyzer. The spectrum analyzer protects the cable modem from signal surges and disturbances coming via the coax cables.
More details about the flaw
A team of four Danish security researchers has tracked the vulnerability as CVE-2019-19494.
What is the impact?
By exploiting the ‘Cable Haunt’ flaw, the attackers can perform a range of malicious activities such as:
- Change default DNS server;
- Launch remote man-in-the-middle attacks;
- Hot-swap code or even the entire firmware;
- Upload, flash and upgrade firmware silently;
- Disable ISP firmware upgrade;
- Change every config file and settings;
- Get and Set SNMP OID values;
- Change all associated MAC addresses;
- Change serial numbers;
- Turn devices into bots for botnet attacks.
PoC for the exploit released
The researchers have published a proof-of-concept for the Cable Haunt vulnerability on a dedicated website.
"The purpose of this website is to inform as many affected users and providers as possible, in order to improve their ability to protect themselves," researchers said, ZDNet reported.
It is estimated that the flaw affects millions of modems in Europe alone. Till now, four ISPs across Scandinavia - Telia, TDC, Get AS and Stofa - have released patches. Many other firms across Europe are expected to address the issue soon.