Cox fixes modem security flaw that could have affected millions
Vulnerability allowed hackers to elevate permissions
Modems supplied by Cox Communications were apparently vulnerable to a security flaw that allowed threat actors to steal sensitive user information.
The flaw was discovered by cybersecurity researcher Sam Curry, who shared his findings with Cox and helped plug the hole.
Curry explained he found an authorization bypass vulnerability that threat actors could have used to expose backend APIs. This would allow them to reset the settings of the vulnerable modems, essentially granting themselves the same permissions as if they were the ISP’s support technicians.
Practical applications
“This series of vulnerabilities demonstrated a way in which a fully external attacker with no prerequisites could’ve executed commands and modified the settings of millions of modems, accessed any business customer’s PII, and gained essentially the same permissions of an ISP support team,” Curry said in a blog post outlining his findings.
The practical applications of this abuse are quite serious, too, as the attackers could search for Cox customers using their names, phone numbers, email addresses, or even account numbers. From there, they could steal the valuable information and use it in identity theft, phishing attacks, social engineering, and more. They could even steal connected devices’ Wi-Fi passwords.
Email addresses linked to different services, such as telephony or internet, are the equivalent of hitting the mother lode for cybercriminals, as that helps them tailor phishing emails and increase their chances of success.
“There were over 700 exposed APIs with many giving administrative functionality (e.g. querying the connected devices of a modem),” Curry further explained. “Each API suffered from the same permission issues where replaying HTTP requests repeatedly would allow an attacker to run unauthorized commands.”
The vulnerable API was taken down the same day Curry reported it, and Cox came out with a patch on March 3.
Via BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.