By deploying two backdoors in its hardware products, cable
modem manufacturer Arris put the modems at risk of being hijacked.
Though the company added the two backdoors just to be sure of
security, this turned out to be a major flaw that puts around 600,000 cable
modems at risk.
The flaw was discovered by Brazilian security researcher
Bernardo Rodrigues, who explained in his blog post that the cable modems, which
already have a backdoor in their firmware, are affected by another backdoor as well.
The first backdoor is activated via the admin's password,
which loads the library on the modem. Users or attackers who access the
backdoor can access the modem and enable SSH or Telnet ports,
which in turn lets them launch more powerful sessions.
When Rodrigues analyzed the backdoor more deeply, he found
another backdoor, which launches a BusyBox shell that can be accessed using the last
five digits of the device's serial number. The researcher later created a
tool that generates this password automatically.
BusyBox is a software package that provides various
UNIX utilities inside an executable file; it is usually used on embedded
devices where memory and storage restrictions do not allow a more powerful
Linux operating system to run.
The company was warned about the flaw in the first backdoor back
in 2009 and gave assurances that it would fix it, but it has still not done so.
After the major flaw in the second backdoor was discovered, the researcher gave the
company time to fix it; when it failed to do so, he published his findings
after 65 days.
Anyone who cares about the security of their router should avoid
consumer-grade routers, because the ISP can configure the router/gateway
in an insecure way.
Moreover, router software nowadays is developed cheaply.
Security hardly seems to be a concern for manufacturers.