said by hudiat: Not to mention anyone on WOW can access their whole neighborhood's modems, including the router portion of combo units. Good security!
Yes. WOW was notified privately, due to the severe risk associated with this, in December of 2011. They not only declined to address it, they denied that this was a security issue in a network with BPI+ actively disabled. I found it during troubleshooting. It's much, much worse than just that.
They were also notified in no uncertain terms that full access to a customer's modem could be obtained by attackers using known exploits and methods which are in the wild, as well as the fact that the Cisco DPC2100s were running a firmware version with a known security problem, specifically CVE-2010-2025 and CVE-2010-2026. Contrary to WOW's claims, customer DPC2100s remain vulnerable. Go ahead. Test it.
I identified and privately informed them of no fewer than five major security or safety issues associated with their network and configurations, all of which have the potential to expose customer data and information. A NOC primate by the name of Mike, who doesn't even know what a "DSL Access Module" is yet lists being an 'expert' with "D slam" on his resume, basically replied that MITRE and Cisco and six CCIEs all had no clue.
To this day, a rogue modem can STILL take out or take over an entire region accidentally, to say nothing of intentionally. And no, you do not want to know just how dangerously vulnerable the UltraTV boxes are. Arris refuses to participate in the normal security community, including reporting to CERT or MITRE CVE, after being embarrassed by a vulnerability that let attackers take out the C3 at will, so there are vulnerabilities in the wild that you don't know about but attackers do. (Which frankly, is true of most anything.) ProTip: HMAC-MD5 does NOT protect sufficiently against orange Motos and bored kids with Google.
Suffice to say, anybody with actual malicious intent would have NO trouble taking over WOW's equipment and networks, and WOW would have absolutely no idea it was going on. Any customer on the network can access infrastructure gear in a number of extremely dangerous ways, because it's configured with insecure and unsafe defaults.
Yeah. I'm really crying wolf, and complaining about dangerous security problems that they refuse to acknowledge, despite having had exact attack profiles explained to them, is "chronic complaining."