Ars: Internet routers running Tomato are under attack by notorious crime gang

I guess you guys forgot about the Cable Haunt Security vulnerability for cable modems reported on this site. I read here late as I was out of state. I added an ACL to block 192.168.100.1 to protect me.
Interesting stuff, but not exactly what we're talking about here.

Cable Haunt is a vulnerability that is exploited from the LAN side by hijacking the user's web browser.
 
Thanks @ColinTaylor, more information to digest. :)

So, a specific ISP's 'tech' cannot connect to that ISP's modems unless... ???

I believe I have seen cable 'techs' connect from networks outside their own to fix/verify issues for third parties. Am I mistaken?
 
I believe I have seen cable 'techs' connect from networks outside their own to fix/verify issues for third parties. Am I mistaken?
Maybe, without knowing the specifics I couldn't really comment. Of course, as I alluded to earlier, it's possible to connect to a server on the customer's LAN and from there gain access to the modem interface.
 
As far as I know they connected directly to the modem, but I may be wrong about that too. :)
 
Anyone who uses the default passwords should be banned from the internet for life :)

Seriously, manufacturers should not be permitted to even have default passwords. This sort of thing should be a forced config at setup. Unfortunately it doesn't stop people from using "1234567". Oh crap, I just revealed MY password..... :)

Where I see this being really scary is ISP gateways. Every one I have configured has been default name and default password.
 
As far as I know they connected directly to the modem, but I may be wrong about that too. :)

As far as I know, the industry standard for ISP technician tools is to utilize SNMP for basic remote control of the modems; furthermore, from what I've read, all cable modems support this (including privately owned ones). After all, what good would owning your own modem be if it didn't allow the ISP to keep you well connected to the internet?

Even more so, a private modem doesn't ship with every ISP's configuration data; they essentially network boot (there is a specific name for it but I don't feel like finding it) from a server run by the ISP (this is why following your ISP's compatibility list is so important: if their server doesn't have a configuration for your model of modem, it will never work).

I assume properly/well set up ISPs have the proper SNMP security measures in place in their modem config files. I also believe most ISPs firewall SNMP at all peer links, so you couldn't receive SNMP attacks from outside a good ISP.

@anotherengineer all the "default" passwords I have seen on recent cable ISP gateways (the modem, landline, router, wifi, LAN switch) have all been randomized and written on a sticker, so it isn't internet exploitable without inside knowledge. Yes, this means you can walk up and flip it over and know the password but, let's be honest, physical access is enough for most skilled attackers to defeat any consumer security anyway.

TLDR: Simple, non-combo, cable modems should be pretty safe, but it is (and has to be) ultimately your ISP's responsibility to properly manage and secure them.
 