Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    CableTap Vulnerabilities Detailed at DefCon Expose ISP Gateway Risks

    By
    Sean Michael Kerner
    -
    July 31, 2017
    Share
    Facebook
    Twitter
    Linkedin
      CableTap

      While some hackers were busy on one level of the DefCon security conference in Las Vegas, hacking voting machines, others were detailing a set of 26 vulnerabilities dubbed ‘CableTap’ flaws that impact wireless gateway and set-top boxes provided by internet service providers (ISPs)and cable television operators.

      The impacted vendors and ISPs include Comcast, Time Warner, Cisco, Arris and Motorola, with the researchers estimating that tens of millions of ISP customers are at risk.

      The CableTap vulnerabilities were publicly disclosed on July 29 at DefCon by a team of researchers including Marc Newlin and Logan Lamb from Bastille Networks, and Christopher Grayson from Web Sight. Newlin noted that the CableTap vulnerabilities could enable a complete compromise of the impacted devices and if not patched, could have potentially exposed millions of users to risk. 

      Due to the high number of vulnerabilities, the researchers responsibly disclosed the vulnerabilities to the impacted vendors in four different groups through March and April 2017. Public disclosure of the vulnerabilities was delayed until July 28 to give the vendors time to patch the flaws.

      At the root of many of the CableTap vulnerabilities, is an open-source library known as RDK (Reference Development Kit) which provides a base set of capabilities that ISPs have used to build gateways and set-top boxes firmware. Grayson explained that while the open-source project has issued multiple patches for different vulnerabilities, not all of those patches have found their way into devices deployed by consumers.

      Among the vulnerabilities included in CableTap is CVE-2017-9475, which is a flaw in the Comcast XFINITY WiFi Home Hotspot that could potentially enable an attacker to impersonate a Comcast customer connected to an “xfinitywifi” hotspot.  The vulnerability could allow an attacker to access the internet, with any malicious activity being attributed to the Comcast customer they are impersonating.

      The way the vulnerability works is that when a Comcast customer connects to an “xfinitywifi” hotspot on a previously unregistered device, they first login to their Comcast account in order to access the Internet. The WiFi MAC (Media Access Control) address of the newly connected customer device is then associated with the correct Comcast account. Whenever the Comcast customer connects to another “xfinitywifi” hotspot, it is authenticated using the WiFi MAC address.

      “An attacker can impersonate a Comcast customer by wirelessly sniffing the MAC addresses of a device connected to an “xfinitywifi” hotspot, and then configuring their device to use the same MAC address,” the CableTap CVE-2017-9475 advisory states.

      The CableTap vulnerabilities also include one on Time Warner gateways identified as CVE-2017-9522. As is the case with Xfinity issue, the Time Warner flaw enables an attacker to access the Internet for free, with any malicious activity being attributed to the customer they are impersonating.

      “A vulnerability has been discovered that enables an attacker to connect to a Time Warner customer’s WiFi network, provided that the customer’s gateway is using the default WiFi credentials,” the CableTap advisory states. “The default WiFi passphrase is a combination of the SSID and BSSID, making it trivial for an attacker to connect to a Time Warner customer’s WiFi network.”

      The Service Set Identifier (SSID) is the name associated with a given WiFi access point while the Basic Service Set Identifier (BSSID) provides the MAC address for the access point.

      While hard-coded credentials and misconfiguration are to blame for a number of CableTap issues, some of the vulnerabilities identified by the CableTap researcher were the result of vendors using the FastCGI protocol in combination with the PHP programming language.

      “It’s not a good idea to take random inputs from the internet and then let them run locally,” Lamb said.

      Vendor Response

      According to Bastille, many of the CableTap vulnerabilities have been patched. As part of its own disclosure, Bastille included the response it received from Comcast. 

      “Nothing is more important than our customers’ safety, and we appreciate Bastille bringing these matters to our attention,” Comcast wrote in a response sent to Bastille Networks. “We have made a number of updates to our software and systems to prevent the issues Bastille identified from impacting Comcast customers, including breaking the attack chains Bastille described in this paper.”

      Bastille has a few simple suggestions for users that might be impacted by CableTap.

      “Ensure your device is running the latest version of its firmware, and if you have further questions, please contact your ISP,” Bastille stated in its advisory.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×