Cable Haunt - Remote Access Exploit Affects Hundreds of Millions of Cable Modems
Authored by: Support.com Tech Pro Team
1. Cable Haunt Information
A new attack has been made public. Known as "Cable Haunt", rather than targeting your computer or smartphone, this targets your cable modem — the box gives your whole home access to the Internet.
This guide will help you understand the problem, and more importantly, what you can do to help avoid being affected.
Fast Facts
Affected Modems
This is not an all-inclusive list — most modems are vulnerable. For a more complete list, visit the Cable Haunt website.
Confirmed by ISPs or security researchers:
Sagemcom F@st 3890
Sagemcom F@st 3686
Technicolor TC7230
Netgear C6250EMR
Netgear CG3700EMR
COMPAL 7284E
COMPAL 7486E
Netgear CG3700EMR
Confirmed by members of the community:
Arris Surfboard CM8200A
Arris Surfboard SB6183
Arris Surfboard SB8200
Netgear CM500
Netgear CM600
Netgear CM1000
Netgear CM1150
Technicolor TC4400
Technicolor TC7210
Technicolor TC7650
Zoom 5370
Cisco / Technicolor DPC3216
Cable Haunt - Further Information For more information about the exploit, the researchers have setup the following page.
5. What can I do to help guard against Cable Haunt?
At the time of writing, no known public exploits have been made, only in the lab and in example code published recently.On the Modem Itself
If you are using a separate modem and router, rather than a Wireless Gateway (modem and router all-in-one), you have some increased security against this. Because your network (your home computer, smartphone, and other devices) is separate from the modem itself by your router, there's less risk while manufacturers and ISPs work to patch this exploit.
If you have a Wireless Gateway, unfortunately, the primary attacks that could be performed are on the same device, and you simply need to wait till this is patched.
On Your Computer
If you are using security software that monitors websites such as an anti-virus suite, make sure it's up-to-date so you won't be infected that way in the first place.
Contact your ISP. Right now, the researchers who originally published this research have been quietly working behind the scenes for over a year concerning this, and have unfortunately gotten very little traction, which is why they have made the exploit public. They hope that, by putting this out publicly, before it is seen in-the-wild, companies will work to fix the problem before it becomes a problem you have to worry about.
This isn't a fault or bug with your computer, rather this is a bug in the modem itself that is vulnerable to attack.
This announcement has been made rather publicly, so most ISPs have started serious work to patch modems in use. Because, as a user, you are affected by this but unable to do much to solve it, it is also your ISPs responsibility to keep you informed on their patching efforts. Details your ISP may need are provided on the Cable Haunt page.
Further Information For more information about the exploit, the researchers have setup the following page.