
antdude
Matrix Ant
Premium Member
join:2001-03-25
US

1 edit

1 recommendation

antdude

Premium Member

Arris Cable modems sharing TMI online.

»[Internet] How did this happen?

That's scary. :/ I wonder if other modem brands do this too.

Culet
@89.207.132.x

2 recommendations

Culet

Anon

What is the risk to an Arris user without a router or WiFi?
Wondering if I should go back to the old Surfboard...
nony
Premium Member
join:2012-11-17
New York, NY

2 recommendations

nony to antdude

Premium Member

to antdude
ok antdude - I took the bait

»TWC Exposure Revisited
»Re: [WiFi] xfinitywifi channel
»Re: "Free" Wi-Fi from Xfinity and AT&T also frees you to be hacked
»[Internet] Arris PWOD Diagnostic Code with Variable Seeds
»ARRIS MD5 / ARRIS MIB WALK

Mix the above and shake well before consuming

-nony

Cthen
Premium Member
join:2004-08-01
Detroit, MI

1 recommendation

Cthen to antdude

Premium Member

to antdude
It's not all that scary. What is the worst to happen? Someone can read the info but can't do anything with it? You still need the password to access the advanced section to be able to do anything besides read the info. Even if someone had the password all they can do is reconfigure the modem. It's not like they can gain access to someone's life this way.

Still shouldn't be happening but not as scary as everyone is making it out to be.
nony
Premium Member
join:2012-11-17
New York, NY

2 edits

2 recommendations

nony

Premium Member

One PoC Scenario-

war drive
find Arris unit
join prv net
do crime - (threaten a judge for best results)
watch front door of mark disappear

Many more scenarios.

It gets better!

-nony

Cthen
Premium Member
join:2004-08-01
Detroit, MI

1 recommendation

Cthen

Premium Member

That's IF you know where that person lives (which these pages do not give out). Sure, you can make the ones with WiFi unsecured but, how do you get their home address after that? It's nothing but a modem diagnostics page. Everything you describe is possible on any open WiFi and not just Arris ones either.

Again, this still shouldn't be happening but far from a "Chicken Little" scenario.
nony
Premium Member
join:2012-11-17
New York, NY

nony

Premium Member

»Re: [Internet] How did this happen?
»Re: [Internet] How did this happen?

-nony

bluepoint
join:2001-03-24

3 recommendations

bluepoint to Cthen

Member

to Cthen
said by Cthen:

That's IF you know where that person lives (which these pages do not give out). Sure, you can make the ones with WiFi unsecured but, how do you get their home address after that?

The two biggest cable providers (Comcast, TWC) use Arris modems. It will not be hard to find one.
nony
Premium Member
join:2012-11-17
New York, NY

nony

Premium Member

And you can always go to wigle and not war drive at all.
»wigle.net/

-nony

Cthen
Premium Member
join:2004-08-01
Detroit, MI

Cthen to bluepoint

Premium Member

to bluepoint
said by bluepoint:

said by Cthen:

That's IF you know where that person lives (which these pages do not give out). Sure, you can make the ones with WiFi unsecured but, how do you get their home address after that?

The two biggest cable providers (Comcast, TWC) use Arris modems. It will not be hard to find one.

Didn't mean to recommend, just wanted to see who else is smoking something and getting all too paranoid.

It's not hard to find any open WiFi and pull something off. The situation that Nony describes can happen on a "McD's" open WiFi/modem, Starbucks, any pub/bar WiFi, or any others listed at wigle.net. It's not hard to find an open WiFi, period, and cause someone problems.

I know some want to feel important by saying this is something bigger than what it really is but let's face it, simply reading modem pages over the internet doesn't mean the sky is falling.
nony
Premium Member
join:2012-11-17
New York, NY

3 edits

nony

Premium Member

Hey Buddy, I'm referring to private WPA2 keys being exposed in this thread and additional attack vectors. It's clear that you are confused because you didn't bother to read the details.

Can you say WPA2?
»NYC TWC - Just got the Arris TG862 - can't access Web GUI

-nony

bluepoint
join:2001-03-24

1 edit

1 recommendation

bluepoint to Cthen

Member

to Cthen
said by Cthen:

I know some want to feel important by saying this is something bigger than what it really is but let's face it, simply reading modem pages over the internet doesn't mean the sky is falling.

When there is a backdoor opening to a modem router, it will not take long for a determined baddy to take advantage of the opportunity.
The first step is always to gain access then they figure it out.
nony
Premium Member
join:2012-11-17
New York, NY

nony

Premium Member

@Cthen

And we sure have a number of known backdoors as has been presented (and presented and presented)
»www.hopenumbernine.net/t ··· 9B22.mp3

-nony

Combover
@24.46.143.x

1 recommendation

Combover to bluepoint

Anon

to bluepoint
As in 'What's the worst that can happen?' Then the worst happens.

owlyn
MVM
join:2004-06-05
Newtown, PA

1 recommendation

owlyn to antdude

MVM

to antdude
I'm on Comcast with an Arris modem. When I try to access my Comcast IP address from outside my network (using my iPhone over LTE), all I get is a 502 Bad gateway error.
redwolfe_98
Premium Member
join:2001-06-11

1 recommendation

redwolfe_98 to antdude

Premium Member

to antdude
since only new arris modems seem to be affected by this issue, i would think that they must have something configured wrong, right?

i agree with bluepoint, i think it is just a matter of time before the cybercriminals figure out a way to exploit this..

Bill_MI
Bill In Michigan
MVM
join:2001-01-03
Royal Oak, MI
TP-Link Archer C7
Linksys WRT54GS
Linksys WRT54G v4

1 recommendation

Bill_MI

MVM

said by redwolfe_98:

since only new arris modems seem to be affected by this issue, i would think that they must have something configured wrong, right?

I'm not so sure it's only new modems. A few years ago I mistyped my 172. private address and found myself looking at someone's Arris modem page. It wasn't difficult to find my own modem's 172. address and confirm it was identical to the usual 192.168.100.1 page (it was in the logs, of all places). So any customer of WOW could access every other customer's modem!

Long story short, I told the rep in the WOW forum here and it was eventually locked down. No, it wasn't public addresses but I'll bet the combo of this exact same system combined with the clueless caused this same issue. Someone just used public addresses.
nony
Premium Member
join:2012-11-17
New York, NY

1 recommendation

nony

Premium Member

Technically, it's a function of a few NVRAM variables which can be set in a few places. See the sample XML files in your image.

What the software engineers advise can be very different than what the product managers approve.

-nony