Hacking millions of modems and investigating who hacked my modem


Two years ago, something very strange happened to me while working from my home network. I was exploiting a blind XXE vulnerability that required an external HTTP server to smuggle out files, so I spun up an AWS box and ran a simple Python webserver to receive the traffic from the vulnerable server.

Without actually having a Cox business account myself, I opened the login page for the portal and grabbed a copy of the main.36624ed36fb0ff5b.js file that powered the core functionality of the app.

This series of vulnerabilities demonstrated a way in which a fully external attacker with no prerequisites could've executed commands and modified the settings of millions of modems, accessed any business customer's PII, and gained essentially the same permissions as an ISP support team.

Thanks to Gal Nagli, Brett Buerhaus, Mathias Karlsson, Nathanial Lattimer, Maik Robert, Shubham Shah, Joel Margolis, Justin Gardner, Daley Borda, William Tom, and Ebrietas for reviewing the draft version of this blog post.
