Cable Modem Hackers Release Improved Firmware 419
FatCat writes "SecurityFocus has a story about a group of hardware and software hobbyists specializing in embeddded systems who've released their own custom firmware for Motorola Surfboard cable modems. The firmware lets you log in to an interactive VxWorks shell, or issue commands from a Web browser through an http interface. You load it by tapping an undocumented console serial port on the circuit board. So far, uncappers are apparently the primary consumers, and they're downloading up to 400 copies a day."
Loss of service (Score:5, Informative)
Re:Loss of service (Score:1, Informative)
Re:confused (Score:4, Informative)
This is not actually true; "56k" modems are actually capped at 53k due to FCC regulations. I looked quickly on google and I couldn't figure out why they are capped and it doesn't really matter because almost no-one has a high enough quality phone line to get this rate. But there could be some dial-up hackers out there trying to get an illegal 3k.
Re:This shouldn't even be possible (Score:2, Informative)
Doesn't sound wise.. (Score:3, Informative)
Or even better, can hackers reach this shell from the outside?
Sounds like a good way to lose your service and wind up in court.
This won't last long (Score:5, Informative)
Re:Loss of service (Score:2, Informative)
Re:dropped carrier (Score:3, Informative)
they dont have to take any special/extra time to crack down on them - they can check that with scripts, flag the account, and disable the modem.
Re:What will the companies do? (Score:2, Informative)
Re:This won't last long (Score:3, Informative)
Since essentially they are overwriting almost all of the programable material on the boxes wouldn't this be simple task?
Although you'd run the risk of your ISP saying if (modem.firmware != current_version) {disconnect_service}, I'd say that'd effect their QoS if some of the customer boxes didn't accept the update.
Re:confused (Score:2, Informative)
the allowed power band."
Re:Loss of service (Score:5, Informative)
When the first round of "cable modem uncapping" documents started floating around to the masses I found plenty of open tickets that had been forwarded to the "legal department" for possible action. Most people had uncapped their modems to 10mbit/10mbit.
Apparently they had a script that ran that checked for this as they had quite a few open tickets all over the place. I guess it was not hard to find.
They would disable your modem, forcing you to power-cycle it. Then your modem would download a new, correct, config file. If they found that you were AGAIN in violation you were terminated.
Some people did not lose their service but most did.
Re:Hmm... (Score:4, Informative)
You have obviously lost touch with your inner lawyer.
IMHO, the best solution is to alter the terms of all contracts with users (those who wish to cancel service can do so)
Re:This won't last long (Score:2, Informative)
See, in deployed network, where you don't have physical access to the box you can't afford to not be able to communicate with it.
So a company like Motorolla would not allow this to be a 'changable' option in the first place.
Re:Is it "bad netizenship"? (Score:2, Informative)
That was actually George Mallory who died whilst climbing Everest on June 6, 1924.
T1? Don't think so. (Score:2, Informative)
Re:so the question becomes (Score:3, Informative)
Re:Loss of service (Score:2, Informative)
This must be one of the most tired, and specious, arguments of all time. Though the signals may, indeed, be "in your house", those that you are clearly not paying for are protected, in some way, to inhibit you from accessing them if not authorized. You breaking open that protection to access whatever you want, to use your words, "is theft". It is that plain, it is that simple.
Here's another analogy like yours: Since you live in your parent's basement still, you must get your mail at their house, right? Every day your Mom picks up the mail that drops through the slot on the front door. Since they're "in her house" she can open whatever ones she wants, including yours, right? Bzzzzt. Wrong answer, thanks for playing. That letter that was addressed to you, though clearly "in her house" is not legally hers to open. Nor are those "extra" signals from the Spice channel that you're not paying for but want so desperately to see.
Re:so the question becomes (Score:2, Informative)
All bandwidth is a shared medium. DSL to your house is not shared between you and the CO but that unshared segment is useless. Everyone in your neighborhood uses that same CO and you all are sharing the pipe the CO has. Not much different then a CM. I'd imagine a T1 from that CO to your house would share the same upstream also. If your CO has a good pipe you may not notice it, if it is small, you all will suffer the same. I do not know under what conditions the responsible CO party decides that the CO bandwidth needed upgraded but I'm sure
Slow Upstream (Score:3, Informative)
-Lucas
Re:Loss of service (Score:2, Informative)
Re:so the question becomes (Score:3, Informative)
Might be useful for the few geeks they don't leave their machines on 24x7.
Re:My Opinion (Score:3, Informative)
There's two sides to how much bandwidth is allowed to your cable modem, the modem, and the headend, called the CMTS (Cable Modem Termination System). As part of the modem's configuration file, there's either a Class of Service (DOCSIS 1.0) or a Quality of Service (DOCSIS 1.1/2.0) that controls how much upstream and downstream bandwidth you can get. On the CMTS, you can setup policies that dictate how much upstream and downstream bandwidth the CMTS will allocate per modem.
Most operators enforce the limits at the CMTS end (additionally specifying it in the modem config file), so that the values given to the cable modem are used just so that the modem doesn't waste it's time trying to push out/grab more bandwidth than the CMTS will let it have (in that case, the CMTS just wastes clock cycles in dropping packets from modems). However, if you don't enforce the values at the headend, then whatever the modem thinks are the correct values stands, and if you alter the config file, well, you've just increased your bandwidth.
-- Joe
Re:Screw uncapping, I just want my diagnostics bac (Score:3, Informative)
Re:CABLE MODEM MAC CLONING (Score:1, Informative)