
Flaws in ISP gateways let attackers remotely tap internet traffic

August 7th, 2017 | Waqas | Security

Defcon is the most important event for the DIY hacking community, and this year the conference was held in the same spirit. We got to learn about a variety of novel hacking ideas, such as hacking voting machines, hacking airborne drones, hijacking phone numbers and an Internet-connected car wash system. However, one story has been largely ignored within the tech fraternity despite being extremely important.

This was noticed by David Holmes of SecurityWeek, who reported on the “Cable Tap: Wireless Tapping Your Home Network” talk. It was initially believed to be just a brief discussion on how to track what’s happening on your home network, but in reality it turned out to be way “broader” in its scope.

Marc Newlin, Logan Lamb and Christopher Grayson, with Bastille Networks and Web Sight, have identified 26 different flaws and weaknesses in ISP network devices. These vulnerabilities would easily provide remote admin access to most of the home networks currently used in the US.

CableTap whitepaper: https://t.co/se9T703Kn0

— Marc Newlin (@marcnewlin) July 30, 2017

The crux of the research was that there happen to be a large number of critical weaknesses in “ISP provided, RDK-based wireless gateways and set-top boxes.” These vulnerabilities are identified in devices manufactured by Cisco, Arris, Technicolor, and Motorola.

“We discovered a wide array of critical vulnerabilities in ISP-provided, RDK-based wireless gateways and set-top boxes from vendors including Cisco, Arris, Technicolor, and Motorola. Our research shows that it was possible to remotely and wirelessly tap all Internet and voice traffic passing through the affected gateways, impacting millions of ISP customers.”

The research team demonstrated at Defcon that remotely and wirelessly tapping all the Internet and voice traffic that passed through an active gateway was possible. They also stated that these findings applied to tens of millions of ISP customers. The scope of the hack ranges from reverse-engineering the Comcast Xfinity routers’ MAC address generation process to exploiting flaws present in the FastCGI subsystem, which is used by web servers like Apache, Lighttpd, and Nginx.

Until now, we believed that an Xfinity access point provides your private network and also offers a public wireless network, “Xfinity wifi”, as an access point for roaming Comcast customers, who can use it by entering their credentials. However, at Defcon it was revealed that there is another, hidden WiFi network apart from these two. This network is named XHS-XXXXXXXX, where XXXXXXXX is the lower four bytes of the cable modem (CM) MAC; the hidden WiFi network is generated deterministically from the interface’s MAC address.
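The naming scheme described above means the hidden SSID itself discloses four of the six CM MAC bytes to anyone in radio range. The following is an added example, not code from the article or the researchers' whitepaper: it audits a wireless site survey for XHS-* networks and matches them against an inventory of your own gateways. The inventory labels, MAC addresses and SSID list are constructed, and uppercase hex in the SSID is an assumption.

```python
import re

XHS_RE = re.compile(r"^XHS-([0-9A-Fa-f]{8})$")

def normalize_mac(mac: str) -> bytes:
    """Accept aa:bb:.., aa-bb-.. or aabb.ccdd.eeff notation; return 6 raw bytes."""
    digits = re.sub(r"[:\-.\s]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return bytes.fromhex(digits)

def expected_xhs_ssid(cm_mac: str) -> str:
    """'XHS-' plus the lower four bytes of the CM MAC, as the article describes.
    Uppercase hex is an assumption; the article does not state the case."""
    return "XHS-" + normalize_mac(cm_mac)[2:].hex().upper()

def audit_survey(ssids, inventory):
    """Split observed XHS-* SSIDs into those that map to an inventoried
    gateway and those that belong to no known device."""
    by_suffix = {normalize_mac(mac)[2:]: label for label, mac in inventory.items()}
    ours, unknown = [], []
    for ssid in ssids:
        match = XHS_RE.match(ssid.strip())
        if not match:
            continue  # not a hidden-network name of this form
        suffix = bytes.fromhex(match.group(1))
        if suffix in by_suffix:
            ours.append((ssid, by_suffix[suffix]))
        else:
            unknown.append(ssid)
    return ours, unknown

# Constructed sample data: labels, MACs and SSIDs are illustrative only.
INVENTORY = {"lobby-gateway": "00:11:22:AA:BB:01",
             "office-gateway": "0011.22aa.bb02"}
SURVEY = ["xfinitywifi", "HOME-1A2B", "XHS-22AABB01",
          "XHS-9C3D4E5F", "XHS-22aabb02"]

if __name__ == "__main__":
    ours, unknown = audit_survey(SURVEY, INVENTORY)
    for ssid, label in ours:
        print(f"{ssid}: exposes lower 4 MAC bytes of {label}")
    for ssid in unknown:
        print(f"{ssid}: XHS network not in inventory")
```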

The researchers identified around four different methods to get the MAC address. One of these methods uses the Xfinity wifi public network connectivity, since the DHCP ACK contains the CM MAC address. When the researchers hacked the Xfinity wifi using the MAC address, they were able to work out the passphrase and access the Xfinity wifi network without needing to use their personal Comcast credentials.

This means that if malicious activity is noted on that network, it would be attributed to the cable modem owner. Another flaw in their chain of attacks was brute-forcing the radio-frequency pairing of Comcast's voice remote control. This could be used to attack or infect Xfinity set-top boxes.

Most noteworthy among all the information shared at the talk was the Reference Development Kit (RDK). It is an open-source platform used by internet service providers in cable modems and set-top boxes. Although developers around the globe regularly patch RDK, it is open source, so anyone can spot source changes that fix vulnerabilities, even months before the fix is applied to the millions of set-top boxes used by Americans.

Why is this story so important? That’s because: “Nothing is more important than our customers’ safety, and we appreciate Bastille bringing these matters to our attention. We have made some updates to our software and systems to prevent the issues Bastille identified from impacting Comcast customers, including breaking the attack chains Bastille described in this paper,” stated Comcast.

Via: SecurityWeek
Source: Defcon

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.