Vulnerabilities of AT&T Modems
Nomotion Software has discovered five vulnerabilities in AT&T modems manufactured by Arris. As of September 6, 2017, neither AT&T nor Arris has offered a solution. The known vulnerabilities are listed below.
- Models NVG589 and NVG599 enable Secure Shell (SSH) and contain hardcoded credentials.
- Default credentials on NVG599 can be used to access the web server.
- The NVG599 model is susceptible to a command attack.
- Service on Port 61001 allows sensitive information to be obtained if the device’s serial number is known.
- The sensitive information obtained can then be used to bypass the firewall without authentication.
While these are the known vulnerabilities, it is possible that hundreds of others may exist. Joseph Hutchins, an employee of Nomotion Software, offers technical solutions for each of the vulnerabilities. The issue is that these solutions are difficult for consumers who are not tech-savvy to implement. Users should call AT&T tech support for updates and assistance.
CloudNexus recommends installing your own firewall/router in front of the ISP equipment and changing settings as necessary to protect yourself. Granted, this can be a challenge for many home network users. Cable providers and home internet providers that provide equipment to the end user have two goals in mind:
- Make it easy for the end user to do whatever they want on their internet service.
- Prevent attacks such as Denial of Service attacks that could take away bandwidth that they could otherwise resell to the consumer.
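To see whether a gateway on your own network answers on the services named in the vulnerability list above, a small check can be run from a machine on the LAN. This is an added example, not code from Nomotion, AT&T, Arris or CloudNexus; port 22 for SSH and the 192.168.1.254 gateway address are assumptions, and the page gives no port for the web server, so it is not checked.

```python
import socket
import sys

# Services named in the vulnerability list. Port 22 is the standard SSH port
# (an assumption; the page does not say which port the modems use).
SERVICES = {
    22: "SSH (hardcoded credentials finding)",
    61001: "service on port 61001 (information disclosure finding)",
}

def probe(host, port, timeout=2.0):
    """Return (state, banner); state is 'open', 'closed' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                # SSH servers send an identification line ("SSH-2.0-...") first.
                banner = s.recv(64).decode("ascii", "replace").strip()
            except OSError:
                banner = ""  # open, but the service waits for the client to speak
            return "open", banner
    except ConnectionRefusedError:
        return "closed", ""      # host answered, nothing is listening
    except OSError:
        return "filtered", ""    # timeout or unreachable: dropped along the way

def audit(host, services=SERVICES, timeout=2.0):
    """Probe each listed service and return one finding dict per port."""
    findings = []
    for port, label in sorted(services.items()):
        state, banner = probe(host, port, timeout)
        findings.append({
            "port": port,
            "service": label,
            "state": state,
            "is_ssh": banner.startswith("SSH-"),
            "exposed": state == "open",
        })
    return findings

if __name__ == "__main__":
    # Assumed gateway LAN address; pass your own as the first argument.
    gateway = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.254"
    for f in audit(gateway):
        flag = "EXPOSED" if f["exposed"] else "ok"
        print(f"{flag:8} tcp/{f['port']:<6} {f['state']:9} {f['service']}")
```

A port reported as EXPOSED from the LAN side is worth raising with AT&T support; repeating the check after any firmware update shows whether the service has been turned off.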
The challenge with the first part is that they leave a lot of ports and pass-through features open. This can cause your internal home network to have significant security exposure. The same can be said for buying a firewall or router and not configuring it correctly. The opportunity with owning your own is that you control the device. Regularly checking for firmware updates is key, as is monitoring the “End of Life” date for a device. Once the End of Life date hits, there will be no additional support for new security issues and you will need to buy a new device. ISP routers and modems typically stay in place at your home until it becomes too difficult for the ISP to manage them remotely and automatically.
A point about the second item is that we have seen AT&T peddle a new security service to businesses. They deploy a firewall device on premises and manage it. We have seen FortiGate 100E devices deployed thus far. We like FortiGate as a security product, but that is not the issue. We were told that there have been many denial of service attacks on businesses that are causing significant bandwidth drains from AT&T and other ISPs. They guarantee bandwidth to their customers, so this hurts their bottom line. If you can solve a problem and have the customer pay for it, it is a win/win for AT&T. It is not a bad service; we just want to point out where the motivation for it comes from to help put things into perspective.