Identifying the Cable Haunt Vulnerability Using the Centrifuge Platform®

by Feb 5, 2020

Cable Haunt is a critical vulnerability in the firmware of cable modems disclosed in January 2020 by the team at Lyrebirds in Denmark. With this vulnerability external attackers can exploit a buffer overflow to take control of the modem… including potentially changing the modem firmware, redirecting user traffic, or making the cable modem participate in a malicious botnet. It is estimated that hundreds of millions of cable modems are impacted by this vulnerability. More details about Cable Haunt can be found here.

This vulnerability emphasizes two key points we have been making at ReFirm Labs:

1. Vulnerabilities in embedded software (firmware) that runs IoT devices like cable modems are an attack vector that has traditionally been overlooked. Companies and consumers need to be aware of the security of the devices they are deploying on their networks, just as they are concerned about the security of applications and web sites they deploy.

2. Supply chain security needs to be top of mind for device manufacturers. The reason this vulnerability is present across so many vendors and devices is because the vulnerability is in a core piece of software delivered with one of the building blocks of most cable modems – the eCos-based cable modem middleware from Broadcom. Visibility into the security of 3rd party components is essential to building a secure device.

On February 4th, 2020 we deployed a new analyzer to the Centrifuge Platform, our automated firmware analysis platform which detects the presence of the Cable Haunt vulnerability in eCos-based firmware images.

Cable Haunt Analyzer for Centrifuge

Given a binary-only image of the Broadcom-based portion of the cable modem firmware image, Centrifuge will extract the full eCos image and conduct analyses to identify if the Cable Haunt vulnerability is present. This can be used by device manufacturers and cable operators to ensure that they are delivering solutions to their customers that are protected from this exploit.

This is an example of the many exploit, malware, and backdoor detectors in the Centrifuge Security Checklist. Centrifuge also analyzes firmware across a number of areas, including cryptographic and password weaknesses, automated reverse engineering to discover potential 0-days, libraries with known vulnerabilities, weak binary hardening and much more.

Find out more. Contact us today.

Recent Posts
Embrace IoT Security Compliance or Die a Slow Death

Embrace IoT Security Compliance or Die a Slow Death

IoT Security Compliance. IoT Security Standards. IoT Security Frameworks. All new buzzwords that are picking up steam. So imagine our surprise when we talk to IoT device manufacturers about why they continue to ship products with bad security and the reason they don’t fix it.

How to Compare Two Different Binary Files

How to Compare Two Different Binary Files

One of our favorite new capabilities in the Centrifuge Spring ‘20 release is Firmware Differencing. This is how to compare two binary files quickly and efficiently for Linux, QNX, and VxWorks. But that’s not all it compares!

How to Enforce IoT Security Standards and Compliance

How to Enforce IoT Security Standards and Compliance

With all of these certification standards and compliance regulations, conducting product cyber-security assessments quickly becomes very complicated and expensive. Here’s how to save time and money.