On Monday Kaspersky researcher Fabio Assolini reported that hackers exploited a firmware vulnerability in DSL modems used in Brazil to launch a "sustained and silent mass attack" on the country's web surfers. This attack on Brazil originally began back in March 2011.
According to the report, the attack consisted of two malicious scripts, forty malicious DNS servers, and one outdated Broadcom chipset driver used in 4.5 million DSL modems offered by six manufacturers. The flaw allowed a Cross Site Request Forgery (CSRF) to be performed in the administration panel of the DSL modem, capturing the password set on the device and allowing the attacker to make changes.
"The attack was quite simple," Assolini reports. "Criminals swept the internet in search of exposed modems on the network. Even if you have a strong password configured on the device, the flaw allows an attacker to access the control panel, capture the password, log into the device and make changes."
Assolini said the attackers used two bash scripts that were executed on a dedicated server purchased exclusively for this purpose. The script scanned and tested a configured range of IP addresses, and whenever it found a modem, it attempted to exploit the flaw.
Once the modem was accessed, the hackers launched another script called "roda.sh" that would access the modem's administration panel and change the configuration of its DNS settings. The password would be changed as well to prevent the owner from making changes to the modem later on.
"The [exploit] situation is further complicated by the fact that even without the vulnerability, many modems are shipped with default passwords that are publicly known and users often fail to change these defaults," he writes. "Other modems are set up when local ISPs enable remote access accounts, mostly used for tech support, and these credentials are known by criminals."
What's more, some manufacturers neglected to act even after they were told about the issues, he says. That means users were exposed to attacks, as companies were slow to release the necessary firmware upgrades to solve the problem. "The negligence of the manufacturers, the neglect of the ISPs and ignorance of official government agencies create a perfect storm, enabling cybercriminals to attack at will," he adds.
By March 2012, CERT Brazil announced that the attacks had compromised about 4.5 million modems in Brazil alone. This finally prompted banks, internet providers, hardware manufacturers and government agencies to meet to discuss a solution to the problem. Customers by then were flooding tech support call centers, demanding a solution. Eventually several manufacturers released firmware updates to correct the problem.
Under the RED "add your comment" button is a link to "Read the comments on the forums". Click it, find your message down at the end and there is an edit button there; apparently only until someone leaves a reply or vote on your original comment.
Besides, the modem Comcast provided is more than enough for my connection tier (24mbit/s burst / 16mbit/s sustained). You only need a better modem when your connection tier exceeds 50mbit/s and that is not cheap in the US due to the cost of laying cable over our LARGE LAND AREA (hear that tiny, tiny countries of the world with cheap high-speed internet), and of course the ridiculous ISP monopolies that plague almost all residential areas may also have something to do with the jacked service fees, but that's another battle.
I'm still one of the lucky ones to even have decent internet and even more so to be one of the few to not have any real bad experiences with Comcast (shocking I know). My only wish is that someday my upload speed will match my download speed. Seriously, sending large files takes forever, but at least the connection is extremely stable. Never had a dropout or excessive latencies before *knock on wood*.
To all the Canadians and Australians of the internet, my deepest condolences.