

The_Hippo

@suddenlink.net

Security vulnerability affecting Arris DG950A cable modems.

I recently spoke to Suddenlink about this issue and was informed that there is nothing that they are able, or willing, to do to fix a critical security flaw. The firmware that ships with the Suddenlink rented modems does not allow the end user to add, edit, or remove user logins to the router itself. All of the default logins are easily searchable online. This could potentially allow anyone who is within range of your WiFi network to sniff the traffic between the client and access point and capture the 4-way authentication handshake. After this, it is a very trivial matter to extract from that the WPA/WPA2-PSK and log into your network without authorization. Once connected to your network, in addition to being able to capture all of the data being transmitted across it, with the default (and ONLY) logins, they have direct access to your router's configuration, opening up all sorts of potentially dangerous and/or embarrassing exploits.

The only interim workaround I can see is setting up MAC filtering, which is not only a bit tedious, but in itself not entirely secure, as one could spoof the MAC address of a known client connected to the AP, then broadcast a deauth packet to the router and then auth themselves using the spoofed MAC address. Disabling BSSID broadcast would be effective, but yet again, if someone is determined, it still will not prevent them from gaining access by simply sniffing the ESSIDs of clients that are transmitting data to the AP and pulling the BSSID from a packet capture.

I asked to be updated by Suddenlink on the issue, and will post the information here when and if it arrives.

My best suggestion to anyone affected by this is to closely monitor your WiFi traffic and look for unrecognized clients.

Just thought I'd give a heads-up to those who may be concerned about the security of their networks.
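
An added example, not part of the original post: one way to act on the advice to look for unrecognized clients is to audit the neighbour table of a Linux host on the LAN against a list of devices you own. The allowlist, MAC addresses and `ip neigh` lines below are constructed sample data, and `audit` is a hypothetical helper name.

```python
import re

# Constructed allowlist of devices the owner recognises (hypothetical MACs).
KNOWN = {"3c:22:fb:10:20:30": "laptop", "a4:83:e7:aa:bb:cc": "phone"}

# Constructed sample of `ip neigh` output from a Linux host on the LAN.
SAMPLE = """\
192.168.0.10 dev wlan0 lladdr 3c:22:fb:10:20:30 REACHABLE
192.168.0.11 dev wlan0 lladdr A4:83:E7:AA:BB:CC STALE
192.168.0.23 dev wlan0 lladdr 5e:0f:11:22:33:44 REACHABLE
192.168.0.31 dev wlan0 lladdr 3c:22:fb:10:20:30 DELAY
192.168.0.40 dev wlan0  FAILED
"""

# Entries without a resolved link-layer address (FAILED/INCOMPLETE) do not match.
LINE = re.compile(r"^(\S+) dev \S+ lladdr ([0-9A-Fa-f:]{17})(?: router)? (\S+)$")

def parse_neigh(text):
    """Return (ip, mac, state) tuples with the MAC normalised to lower case."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            rows.append((m.group(1), m.group(2).lower(), m.group(3)))
    return rows

def audit(text, known):
    """Flag MACs missing from the allowlist and known MACs seen on several IPs."""
    findings, seen = [], {}
    for ip, mac, _state in parse_neigh(text):
        seen.setdefault(mac, []).append(ip)
        if mac not in known:
            # Bit 0x02 of the first octet marks a locally administered address,
            # which includes the randomised MACs used by modern phones.
            kind = "locally-administered" if int(mac[:2], 16) & 0x02 else "vendor-assigned"
            findings.append(("unknown", mac, ip, kind))
    for mac, ips in seen.items():
        # A known MAC on more than one IP can be legitimate, but it is worth a
        # look given the MAC spoofing against MAC filtering described in the post.
        if mac in known and len(ips) > 1:
            findings.append(("duplicate", mac, ",".join(ips), known[mac]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, KNOWN):
        print(*finding)
```

The neighbour table only lists hosts the machine has recently exchanged traffic with, so run it after a sweep of the subnet or feed it the router's client list in the same format.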



Chubbzie

@nc.us

Have you also contacted the Wi-Fi Alliance to report the inherent security vulnerabilities with WPA/WPA2? Considering both of those insecure protocols are the real reason that the intrusion was even a possibility. In my opinion, someone that has cracked my network and is in promiscuous mode monitoring and capturing all of my data would be the much larger issue at hand.

Thanks for the heads up though, any and all security alerts are greatly appreciated! Do you have the ability to purchase your own modem with your service?



Cabal
Premium
join:2007-01-21
Reviews:
·Suddenlink
reply to The_Hippo

said by The_Hippo :

This could potentially allow anyone who is within range of your WiFi network to sniff the traffic between the client and access point and capture the 4-way authentication handshake. After this, it is a very trivial matter to extract from that, the WPA/WPA2-PSK and log into your network without authorization.

If that was the case, a default router login would be the least of your problems.

Fortunately, it's not.
--
If you can't open it, you don't own it.

Cobra11M

join:2010-12-23
reply to The_Hippo

Why not just buy a new router and not from Suddenlink themselves? Routers nowadays can be had for cheap, heck, even if it's a g router you would be more secure than what the standard ones Suddenlink rents out..

eBay and Amazon are your best friends, heck, even Craigslist

even if it means buying a modem separate and router.. that's the best option


jdmm72

join:2002-02-12
Nitro, WV
Reviews:
·Suddenlink

said by Cobra11M:

even if it means buying a modem separate and router.. that's the best option

That is the best option anyway, no doubt. That way YOU have control over YOUR network, not SL or any script kiddies that this vulnerability exposes... Plus when stuff craps out, you have the ability to diagnose and fix, if it is on your end.