Cable Haunt Virtual Patch just released
First came Cable Haunt exploit detection, and now prevention. Minim has just released Cable Haunt Virtual Patch, a feature that safeguards a vulnerably that now affects hundreds of millions of Broadcom based cable modems around the world.
Cable Haunt is exploitable via a DNS rebind attack, a malicious webpage script that a person may unknowingly load in their home or office. With this attack, the bad actor can take control of the network, force the modem/router to join a botnet, and eavesdrop on traffic.
"The specific vulnerability is abusing an interface that technicians can use to check the quality of the signal to your service provider," said Sam Stelfox, Senior Security Engineer at Minim and the developer behind the virtual patch. "The use of this interface requires them to be inside your house, a pretty safe security measure against abuse. When combined with a rebind attack, though, the trusted interface becomes available to any malicious website— vastly expanding the scope of the problem."
Starting today, Minim blocks Cable Haunt exploit attempts for cable modems/routers on our network. In the Minim mobile app, subscribers will see confirmation of protection in their security card. In the Minim Care Portal, service providers will see this confirmation as well as alerts for when the exploit attempt was detected.
"There are an estimated 200 million cable modems in Europe alone. With almost no cable modem tested being secure without a firmware update, the number of modems initially vulnerable in Europe is estimated to be close to this number. However, it is tough to give a precise estimate of the reach of Cable Haunt. The reason for this is that the vulnerability originated in reference software, which has seemingly been copied by different cable modems manufacturers when creating their cable modem firmware. This means that we have not been able to track the exact spread of the vulnerability and that it might present itself in slightly different ways for different manufacturers. We have contacted as many of the largest ISPs and manufacturers as we could ahead of time, to give them time to fix the issue, but with varying success." - CableHaunt.com
As mentioned by CableHaunt.com, the vulnerability itself is extremely hard to detect. So instead, Minim immediately identifies the exploit attempt— the DNS rebind attack— by the bad actor. We're uncovering all attempts to use this style of attack against cable modems, regardless of whether they're vulnerable or not. Our work on Cable Haunt will also protect against future network intrusions that use this technique.
Minim is on a mission to make home WiFi as safe and reliable as drinking water. If you're a Consumer Premise Equipment vendor or service provider who wants to learn more about Cable Haunt Virtual Patch and the rest of Minim's Usable Security Suite, contact us.