• Cox fixes modem security flaw that could have affected millions

    From TechnologyDaily@1337:1/100 to All on Tue Jun 4 13:45:05 2024

    Date:
    Tue, 04 Jun 2024 13:41:51 +0000

    Description:
    Vulnerability could have allowed hackers to elevate permissions and even
    steal sensitive data from Cox routers.

    FULL STORY ======================================================================

    Modems supplied by Cox Communications were apparently vulnerable to a
    security flaw that allowed threat actors to steal sensitive user information.

    The flaw was discovered by cybersecurity researcher Sam Curry, who shared his findings with Cox and helped plug the hole.

    Curry explained he found an authorization bypass vulnerability that threat actors could have used to expose backend APIs. This would allow them to reset the settings of the vulnerable modems, essentially granting themselves the same permissions as if they were the ISP's support technicians.

    Practical applications

    "This series of vulnerabilities demonstrated a way in which a fully external attacker with no prerequisites could've executed commands and modified the settings of millions of modems, accessed any business customer's PII, and gained essentially the same permissions of an ISP support team," Curry said
    in a blog post outlining his findings.

    The practical applications of this abuse are quite serious, too, as the attackers could search for Cox customers using their names, phone numbers, email addresses, or even account numbers. From there, they can steal the valuable information and use it in identity theft, phishing attacks, social engineering, and more. They could even steal connected devices' Wi-Fi passwords.

    Email addresses linked to different services, such as telephony or internet, are the equivalent of hitting the mother lode for cybercriminals, as that helps them
    tailor phishing emails and increase their chances of success.

    "There were over 700 exposed APIs with many giving administrative functionality (e.g. querying the connected devices of a modem)," Curry further explained. "Each API suffered from the same permission issues where replaying HTTP requests repeatedly would allow an attacker to run unauthorized commands."

    The vulnerable API was taken down the same day Curry reported it, and
    Cox came out with a patch on March 3.

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/cox-fixes-modem-security-flaw-that-could-have-affected-millions


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)