Cable Modem Hackers Release Improved Firmware 419
FatCat writes "SecurityFocus has a story about a group of hardware and software hobbyists specializing in embeddded systems who've released their own custom firmware for Motorola Surfboard cable modems. The firmware lets you log in to an interactive VxWorks shell, or issue commands from a Web browser through an http interface. You load it by tapping an undocumented console serial port on the circuit board. So far, uncappers are apparently the primary consumers, and they're downloading up to 400 copies a day."
My Opinion (Score:5, Interesting)
Im just going to sit back for a while and hope something good comes of this... maybe cable providers will find that fighting with these people isnt worth the hassle.
dropped carrier (Score:5, Interesting)
VxWorks? (Score:4, Interesting)
What will the companies do? (Score:5, Interesting)
Given this, and the actions of DirectTV towards those who buy smartcards, I wonder what the cable companies will do.
Will they ignore those who download these firmwares for the advanced features like the remote terminals and have no intention of uncapping, or will they treat everyone who re-flashes their firmware as a "criminal".
Very neat (Score:2, Interesting)
Increasing Speed (Score:5, Interesting)
rus
Monopoly (Score:5, Interesting)
Content filtering on outoging packets? (Score:3, Interesting)
Is it "bad netizenship"? (Score:5, Interesting)
If everybody "uncapped", would the result be enough net congestion that everyone would wind up getting "capped" speeds again? Is this a netizenship question?
As far as the ISP detecting "uncapped" cable modems, which has already been mentioned on this topic, I'd have to offer that my local cable provider employs so many utterly inept techs that they have trouble detecting when someone hooks up an unauthorized line to the pole, much less a change in the modem itself. That's why I've stuck with DSL -- 2 years with zero downtime, including a hurricane, while my cable service is down 3-4 times a week.
Re:My Opinion (Score:3, Interesting)
Sniffing (Score:3, Interesting)
If you got a shell from the modem, could you then sniff the traffic?
Just curious.
Re:confused (Score:5, Interesting)
Re:Hmm... (Score:5, Interesting)
Re:Hmm... (Score:5, Interesting)
How to handle uncappers fairly? (Score:5, Interesting)
I'm not the SysAdmin, just a concerned employee.
Not just uncapping (Score:1, Interesting)
Re:Loss of service (Score:2, Interesting)
Aside to Michael and FatCat: It's spelled "hobbyist".
Re:This shouldn't even be possible (Score:3, Interesting)
That's what is so cool about the DSL world, everything happens on that DSLAM, so the telco has control over your speeds.
Let's say you upgrade to a faster speed... Well remotely push an update to the port card you tie into that's in the DSLAM, then push an update to the modem and bam... You speed is upgraded.
The coolest thing to do is queue up a large download on the users PC, then push the updates to the modem and the DSLAM and you can actually see the speed increase.
Then you can even remotely tweak the line that the DSL is running on... Not getting full speed that you are rated at? No problem just bump the voltage on the line a little bit and normally the problems is fixed.
I work for a cable ISP... (Score:3, Interesting)
As for the question "why is the bandwidth capping happening at the cable modem?", I beleive the answer is that it has to so that the CMTS bandwidth (the bandwidth on the cable plant between the modem and the cable router) is not used up. But that's not to say that the bandwidth you use at the cable router end isn't closely monitored. Hence why you will get shut off in no time flat when you start to exceed your provisioned bandwidth.
They got too much attention... (Score:3, Interesting)
http://www.tcniso.net/
Screw uncapping, I just want my diagnostics back. (Score:5, Interesting)
As I own that hardware, I feel I have a right to see how well it's working. Many issues (Like signal loss) would likely be within my own home and something I could fix. This software would probably let me read this information, however, as I don't own one of the modable products I'll probably look for one with all the info I want on a web page rather than getting a hackable one.
Re:I work for a cable ISP... (Score:2, Interesting)
Re:My Opinion (Score:3, Interesting)
You forgot the second half of that (Score:3, Interesting)
Re:so the question becomes (Score:3, Interesting)
Re:My Opinion (Score:2, Interesting)
As an extremely dissatisfied Sprint PCS customer (service was terrible in my area) I was looking for any way to break free from my contract, which I was unable to do a number of months without paying a $150 cancellation fee.
Upon receiving a notice from Sprint PCS that they would start charging for the previously free-of-charge service that allowed you to check your airtime usage from your phone, I called them and asked that my contract be terminated immediately as these were not the terms I had agreed to at the time I signed the contract. They offered me a better deal in an attempt to convince me stay with their service, which I declined, and happily closed my accout.
I advised my friends who were also hoping to leave their Sprint PCS contracts to do the same when they started charging a "Number Portability Tax" (this too before it was implemented), and they encountered similar success.
IANAL, but it seems to me that should you wish to terminate your contract when they change the terms you have a very firm legal ground to stand on. Whether or not they can terminate the contract when they change the terms, however, is another story.
Re:Hmm... (Score:3, Interesting)
What does a game need to send to the server?
- Character data (who you are, what you're saying)
- Positioning data (where you're at)
- Action data (spells you're casting, etc)
- Item data
The latter is where problem start: People can hack an item to give them whatever power they want. Then the client says "I'm doing 1,000 points of damage with my bare hands" and the server just eats it right up. There's no reason why this data cannot be checked! When I attack, the conversation should be:
Client: Attacking Hog Troll 125421 for 850 points of damage.
Server: OK, you're holding no weapons and wearing no armor. I know this because the last time you modified the items on your character, the client sent the data to me. The max damage you can do with your current outfit is 5, so I don't know what you're smoking. Request denied.
Re:Hmm... (Score:3, Interesting)
Your analogy to the phone system is flawed though. Speakerphone, answering machines (voicemail), people talking over HAM radio instead of picking up the phone all involve nothing which harms the Telco, or your neighbors. When you sign up for service, you agree that you will buy 1.5m/256k for $60/month. When you uncap your modem, you now use much much more than that, but at the same price. I would go after you as well.
If I generated electricity in my back yard with buttered toast and a cat, and then agreed to sell you a kilo-watt of energy every hour, hooked you up to a transformer which would only provide that much juice, and you came in and recalibrated it to give you two kilowatts per hour, I would either bill you twice as much, or cut you off. The only difference there is I'm not "the big bad cable company" nor THE MAN.
Plus, why not ditch your $60/month internet, and go with $30/month DSL, anyways? OR did that $60 include some form of CATV watching as well? I bet you want free HBO as well, since it's just a config in the box restricting you. It's just the lock on my door keeping you out of my house. I'll hit you with a baseball bat if you break it, though.