Cox fixes modem security flaw that could have affected millions


Modems supplied by Cox Communications were apparently vulnerable to a security flaw that allowed threat actors to steal sensitive user information. 

The flaw was discovered by cybersecurity researcher Sam Curry, who shared his findings with Cox and helped plug the hole.

Curry explained that he found an authorization bypass vulnerability that threat actors could have used to expose backend APIs. This would allow them to reset the settings of the vulnerable modems, essentially granting themselves the same permissions as the ISP’s support technicians.

Practical applications

"This series of vulnerabilities demonstrated a way in which a fully external attacker with no prerequisites could've executed commands and modified the settings of millions of modems, accessed any business customer's PII, and gained essentially the same permissions of an ISP support team," Curry said in a blog post outlining his findings.

The practical applications of this abuse are quite serious, too, as attackers could search for Cox customers using their names, phone numbers, email addresses, or even account numbers. From there, they could steal the valuable information and use it in identity theft, phishing attacks, social engineering, and more. They could even steal connected devices’ Wi-Fi passwords.

Email addresses linked to different services, such as telephony or internet, are the equivalent of hitting the mother lode for cybercriminals, as they help them tailor phishing emails and increase their chances of success.

"There were over 700 exposed APIs with many giving administrative functionality (e.g. querying the connected devices of a modem)," Curry further explained. "Each API suffered from the same permission issues where replaying HTTP requests repeatedly would allow an attacker to run unauthorized commands."

The vulnerable API was taken down the same day Curry reported it, and Cox came out with a patch on March 3.

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.