
Backdoor In A Backdoor Discovered By Brazilian Security Researcher in ARRIS Modems



Bernardo Rodrigues, a Brazilian security researcher preparing to give a talk on cable modem security at the Nullbyte Security Conference, has discovered a previously undisclosed backdoor within a backdoor that is present on some ARRIS cable modems. The backdoor affects many models, including the TG862A, TG862G and DG860A. According to Bernardo, a search on Shodan, the world's first search engine for interconnected devices (Internet of Things), reveals over 600,000 affected devices.


ARRIS TG 860

ARRIS TG 862


Does your modem look like either of the two above? If so, read on, as you might be affected by the newly discovered security flaw.

The Backdoor In A Nutshell

The ARRIS Password of the Day is a backdoor that has been known since 2009 on many of ARRIS' small office/home office cable modems. A "password of the day" is generated from a seed provided by your Internet Service Provider, and it basically allows technicians to view and change your network settings remotely through a restricted technician's shell.

While analyzing how the earlier backdoor works, Bernardo discovered some interesting logic in the authentication code that gives you a full busybox shell when you log on to the Telnet/SSH session with the last 5 digits of your modem's serial number instead of the "password of the day". In other words, this is a backdoor within a backdoor. What makes this more disconcerting than the previous Password of the Day backdoor is that it grants attackers even more tools to access the modem, sniff packets and launch a sophisticated attack on your network.

What Now?

Bernardo, the security researcher, went public with this backdoor within a backdoor 65 days after reporting it and waiting to no avail for a fix. If you want a more detailed understanding of how the backdoors work, we encourage you to read his very informative blog post, which includes some screenshots of the backdoor at work.

The obvious question many people have is whether changing your modem is a good solution. Given the mechanism of firmware/software updates and the nature of remote diagnosis tools, we wouldn't be surprised if similar backdoors exist on other modems as well. The best thing you can do is to be aware and stay informed about if and when the modem companies / ISPs patch these obvious security flaws. Pressuring them via social media to get it fixed might help too.

One additional step you can take: if you're planning to buy a new modem, router or gateway, check with customer support (especially if it's an ARRIS) whether such a security loophole is present on the model you're intending to buy. It might not be perfect, but hey, at least you tried.
