Recent research has revealed that some wireless modems provided by Internet service providers (ISPS) have severe vulnerabilities hackers can exploit.
Security research company, SEARCH-LAB, has over the past one year analyzed modems provided to Hungarian customers by Liberty Global’s telecommunication services provider UPC broadband. The telecommunications service provider is the mind modem devices such as Ubee, Technicolor, Hitron, Compal, and Cisco. These devices, according to researchers, are offered by ISPs globally.
SEARCH-LAB’s security analysts spent periods between three hours and two weeks manually analyzing these models; Cisco EPC392, Ubee EVW3226, Hitron CGNV4, Technicolor TC7200, and Compal CH7465LG. As much as 58 security loopholes are present in these devices. Most of the weaknesses could allow an attacker to gain administrator access to connected devices. Attackers could also make configuration changes in the devices and execute arbitrary codes.
The list of bugs, provided by SEARCH-LAB, included command injection, insecure session management, information disclosure, CSRF, default password issues, buffer overflow, and authentication bypass. The researchers discovered 40 of the bugs in the Compal model. The researchers spent two weeks analyzing the device as it was part of Liberty Global’s commissioned pilot project. The security analysts examined the other modems for three hours. The researchers found very few vulnerabilities in these devices. However, according to Security Weekly, who talked to SEARCH-LAB, many vulnerabilities would have come up had the researchers spent more time analyzing these wireless modems.
SEARCH-LAB raised a particular concern on the default Wi-Fi passphrases in the modems. The analysts pointed out that it is very insecure to use default passwords. A brute force attack on the Ubee devices, Technicolor, and Cisco can reveal the passphrases within a few seconds. Manufacturers generate default passphrases from readily available data such as MAC addresses and serial numbers.
SEARCH-LAB reported all the vulnerabilities it found to Liberty Global. The latter has since notified the device manufacturers. A few of the security concerns were easy to address. Unfortunately, some of the loopholes, such as the use of default passwords, are hard to solve. Manufacturers print the default passwords on the modems. Very few customers consider changing them.
To address the issue, SEARCH-LAB has initiated a wardriving test in Hungary to determine the number of users using the default passwords. UPC has previously advised clients to change the default passwords. Gergely Eberhardt, a researcher with SEARCH-LAB, said that the company also discovered that residential Wi-Fi connections operated by the modems mentioned above could easily be victims of attacks by hackers on the street. The hacker could then execute code after gaining control of other connected devices.