Security breach affects 200 million modems in Europe

A group of Danish experts discovered a vulnerability on an integrated chip on hundreds of millions of cable modems. This flaw could allow an attacker to take control of the modem remotely and use it for malicious purposes, such as spying, redirecting traffic or creating a botnet.

Security breaches don’t just affect software and applications, they can also hide in hardware. We recently remembered the flaw in the Intel processors that had endangered millions of computers and servers. This time it’s a Broadcom component, one of the leaders in this industry, and the danger is just as huge.

The name of the faultCable Haunt. Four security experts from the LyreBirds collective discovered it in a chip that equips more than 200 million cable modems deployed in Europe, including Sagemcom very present in France. Suffice to say that it may concern one in two Europeans, or three, depending on the equipment.

It is more precisely a function of this chip, the one that analyzes the spectrum. It protects the modem from overvoltages, but it also allows a remote access provider (ISP) to correct a malfunction. And this is precisely where the vulnerability is found since to connect to this chip, the identifiers are left by default, and they are common to all the chips.

Multiple possible damages

As a result, a seasoned hacker could perfectly imitate the access provider and take control of this chip. Admittedly, this requires several hours of implementation, but on arrival, the damage could be considerable. The two researchers thus listed the damage created such as remote control of activity on the Internet, traffic redirection, integration into a botnet or even updating the firmware. They even offer a demonstration of piracy, but also to test their modem.

As it stands, the ISPs are responsible for correcting the flaw, and several in Scandinavia reacted immediately. The problem is that it is complicated for researchers to know if the fault is corrected everywhere since it concerns hundreds of millions of boxes