Search in blog
How to use PrivateRouter's app with a DDWRT Router3988 viewsHow to use PrivateRouter's app with a DDWRT RouterRead more
How the Attack Works
Once the modem has become fully compromised, the attacker has complete control. The modem can essentially be weaponized against the user and the rest of the internet at large. Lyrebirds described their findings as such:
"The vulnerability enables remote attackers to gain complete control of a cable modem, through an endpoint on the modem. Your cable modem is in charge of the Internet traffic for all devices on the network. Cable Haunt might therefore be exploited to intercept private messages, redirect traffic, or participat[e] in botnets."
Am I in Danger?
Cable Haunt is a proof of concept attack. Lyrebird has proven that this type of attack is possible and demonstrated exactly how it might happen. There have not yet been proven cases of Cable Haunt or similar attacks impacting actual internet users. Just because we have not discovered malicious people or organizations utilizing this vulnerability does not mean it isn’t cause for concern – there’s no way of telling if anyone other than the research group as found this vulnerability.
Since this kind of attack would be very hard to detect, it’s possible (and even likely) that the exploit has been carried out to some degree. Hackers are very persistent when they want something, and they’re more successful in obtaining and maintaining power if they allow their discoveries to fly under the radar.
If your modem could be impacted by the Cable Haunt exploit, you should immediately change your modem. This vulnerability has been made known to the world, and hackers who are not already exploiting it or intending to exploit it may start to develop meaningful plans to do so.
The Impacted Modems
The exploit is known to work on a multitude of firmware versions used on the following cable modems:
The Versatile Ways the Attack Can Work
Funnily enough, the main attack can easily be rebutted by one thing – Firefox. The Firefox browser uses a websocket that is incompatible with the websocket used by the modem’s spectrum analyzer. This, however, would not leave a potential attacker without options.
Long story short, there are about a million ways the attack can be repurposed or restructured protective mechanisms in cable modems with subpar or outdated firmware. Lyrebird has it all mapped out, and they’ve made the information available. Think of these vulnerabilities like an exploitable hydra – one vulnerability is cut off, and three more grow back in its place.
It’s easier to understand this exploit from the perspective that there’s almost always a workaround, even in cable modems that are slightly more difficult to attack directly. If you’re utilizing a vulnerable modem, it’s smart to stop using it.
The People Who Are Affected
It’s difficult to count on a normal cable modem to keep you safe online, as the 200 million people with vulnerable modems are coming to find out on the back of Lyrebird’s discovery. When possible, opt for a highly secure VPN router like one from PrivateRouter. Advanced routers with advanced security precautions will prevent most attacks from being able to execute and keep prying eyes at bay.