A Brazilian security analyst has documented multiple backdoors allowing remote access to Arris cable modems.
"While researching on the subject, I found a previously undisclosed backdoor on Arris cable modems, affecting many of their devices including TG862A, TG862G, DG860A," said Bernardo Rodrigues on his personal blog. "As of this writing, Shodan [search engine] searches indicate that the backdoor affects over 600.000 externally accessible hosts and the vendor did not state whether it's going to fix it yet."
Arris is a leading manufacturer of cable modems, selling its devices to Comcast (NASDAQ: CMCSA), Time Warner Cable (NYSE: TWC), Charter Communications (NASDAQ: CHTR) and Cox Communications.
According to Rodrigues, Arris modems have shipped since 2009 with firmware that contains an undocumented backdoor, which allows privileged logins with a different custom password for each day of the year. Many ISPs, he said, don't bother changing this.
Rodrigues added that, while researching this vulnerability, he found a kind of backdoor within a backdoor that is based on the last five digits of the modem's serial number.
Rodrigues said he reported his findings to the Software Engineering Institute at Carnegie Mellon University and to Arris. But he said he didn't get too much feedback from the vendor. He did comply with Arris' request not to publish the password-generating algorithm for the backdoor.
"I'm pretty sure bad guys had been exploiting flaws on these devices for some time (just search for Arris DNS on Twitter, for example)," he said.