A researcher discovered numerous security flaws in Cox modems that allowed device hacking to remote attackers. Exploiting the vulnerabilities could let an adversary take control of a target Cox modem, execute commands, and meddle with the device settings.
Cox Modem Vulnerabilities Allowed Remote Attacks
According to a recent post from the researcher Sam Curry, numerous vulnerabilities impacted the security of Cox modems, allowing remote modem hacking.
As explained, the series of vulnerabilities together led to an authorization bypass issue in the backend API that allowed an adversary to take over target Cox modems. Abusing the exposed APIs could let the adversary access customers’ personal information, such as names, phone numbers, email addresses, and account numbers. Moreover, the APIs also exposed WiFi passwords and hardware MAC addresses of connected devices. That means using this particular vulnerability risked all connected devices.
Since the vulnerability existed in these modems for years, it made millions of devices vulnerable to security threats.
Describing further, the researcher explained that the vulnerabilities resulted in around 700 exposed APIs, some of which could even allow admin access, letting an attacker execute unauthorized commands, modify device settings, and gain ISP-level permissions.
Patch Deployed
Considering that Cox ranks among the top US broadband, telephone cable, and phone carrier services, the proportionately huge number of vulnerable devices indicates the extent of damage in case of malicious exploits.
Thankfully, following the researcher’s report, Cox patched the vulnerabilities within 24 hours, preventing any active attacks. The firm also assured that it had detected no exploitation attempts in the past.
However, an interesting aspect of the researcher’s report is the active hacking attack on his own modem. The unknown adversary kept the researcher’s device compromised for quite some time, remaining undetected all the while. Though the researcher tried to trace the unknown adversary, he could spot the vulnerabilities and get them patched, remaining unsuccessful in tracking the attacker(s) on his own device.
Anyhow, now that Cox has deployed the patches, users must ensure that their devices are updated with the latest patches to address the modem vulnerabilities.
Let us know your thoughts in the comments.
