Cybercriminals can exploit a critical vulnerability in Broadcom
chips, a hardware and software component in most of the world’s cable modems, to
intercept private messages and redirect traffic, and change default DNS
servers, MAC addresses of associated devices and serial numbers, according to a
published by Danish security researchers.
The vulnerability, dubbed Cable Haunt, is estimated to have
affected more than 200 million devices in Europe alone. The number could be
much higher, considering that the original software was copied by different companies
in the manufacturing process of the firmware.
Of particular concern is that this newly discovered
vulnerability lets remote attackers execute random code on a modem, which is
responsible for all the Internet traffic that goes on your network and
In addition to its firmware programming errors, researchers
pointed out that the spectrum analyzer of the Broadcom chip uses default
credentials and lacks protection against DNS rebinding attacks.
The good news is that most Scandinavian Internet service providers (ISPs) report that they have already patched the affected devices, while the team responsible for the discovery has set up a dedicated website for users to track developments.