Millions of Modems Vulnerable in Brazil

Over the past couple of years, millions of DSL modems in Brazil were discovered to have several vulnerabilities that made it very easy for hackers/crackers to get into them and use several different exploits. Many people install their networking devices, such as modems, and then completely forget about them. This works in the attackers' favor, because people rarely check their modems.

One of the worst exploits was a Cross-Site Request Forgery (CSRF), which allowed attackers to capture the passwords on modems. With the password, hackers could access the modems and change basically any setting they wanted. One of the most popular things to change was the DNS settings, which caused requests for websites to be redirected to other websites that the attacker could be controlling.

The problem was not caused by any specific model, manufacturer, or ISP, but by the chipset driver that most modem manufacturers use (in this case, the chipset driver that the National Telecommunications Agency of Brazil approved).

Attackers set up a dedicated server to sweep a set range of IPs for vulnerable modems, and once a vulnerable modem was discovered, exploits were performed on that modem. Attackers would change the password and then use various exploits to attack the modem. Attacks were registered with 6 different hardware manufacturers and all major ISPs in Brazil, which resulted in about 4.5 million modems being attacked. The attackers registered 40 malicious DNS servers, almost all outside of Brazil, to perform their attacks.

The main goal of most of these attacks was to steal the banking information of Brazilian customers. The attackers did this by (1) redirecting users to fake banking websites and (2) installing malware on users’ computers. The malware was often installed when users accessed a website, such as Facebook, and were prompted to install a ‘plugin.’
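One way to check a client for the DNS change described above, as an added example that is not part of the original post: it audits the resolver list handed out by the modem and compares answers against a trusted reference. The sample input, the `EXPECTED_RESOLVERS` set and all addresses (documentation ranges) are constructed assumptions, and the answer dictionaries are assumed to be collected separately.

```python
import ipaddress

# Constructed sample: the resolver list a client received from the modem via DHCP.
SAMPLE_RESOLV_CONF = """\
# generated by dhcp client
nameserver 192.168.1.1
nameserver 203.0.113.53
nameserver 198.51.100.10
"""
# Assumption: resolvers your ISP documents (placeholder documentation address).
EXPECTED_RESOLVERS = {"198.51.100.10"}
# RFC 1918 and loopback ranges: a resolver here is the modem or another LAN host.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def parse_nameservers(text):
    """Return the valid nameserver addresses in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(str(ipaddress.ip_address(parts[1])))
            except ValueError:
                continue  # ignore malformed entries
    return servers


def classify(servers, expected=EXPECTED_RESOLVERS):
    """Label each resolver as 'expected', 'local' or 'unexpected'."""
    labels = {}
    for server in servers:
        ip = ipaddress.ip_address(server)
        if server in expected:
            labels[server] = "expected"
        elif any(ip in net for net in LAN_NETS):
            labels[server] = "local"  # check the upstream DNS on the modem itself
        else:
            labels[server] = "unexpected"  # not the ISP's: investigate
    return labels


def mismatched_hosts(configured, reference):
    """Hosts whose answers from the configured resolver share no address with a
    trusted reference resolver. CDNs can differ legitimately, so this is a lead."""
    return sorted(host for host, ips in configured.items()
                  if host in reference and not set(ips) & set(reference[host]))
```

A "local" result only means the client asks the modem; the upstream DNS servers still have to be read from the modem's own configuration page.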

Source:

http://www.securelist.com/en/blog/208193852/The_tale_of_one_thousand_and_one_DSL_modems

7 thoughts on “Millions of Modems Vulnerable in Brazil”

  1. I think this is the perfect example of the negative effects when governments attempt to regulate the internet or computing hardware. Hopefully this will set an example for other countries to follow.

    • I agree in a way. I think having standards for all devices connected is a necessity though. They shouldn’t regulate the devices to that extent and limit people to buying only one product. Honestly it seems like this is the effect of corruption and someone paid to have their product used exclusively.

      • Consumers were not limited to a specific product. It was more that manufacturers were limited to using a specific chipset in their modems, which I’m not sure was the best idea either.

  2. Small mistakes like that one mostly cause big issues for people and government. The National Telecommunications Agency of Brazil should have put some rules for using these DSL devices and they should have checked with all telecommunication companies about what kind of devices and what rules they have made for using these devices!!

    • I agree, to an extent. I don’t think the government can be checking every single electronic device in the country. If consumers would have patched their modems (not that many probably know how to even do this), many of these exploits would have been avoided. Not everything can be blamed on the government.

  3. So I guess in this case it’s similar, to a degree of course, to the hacked office copy machines. We were talking about this in class and I think it was mentioned that these copy machines have some sort of Windows OS installed. Either way I personally tend to overlook these devices and their like as potential entry points for hackers.

    • Very true. Most people do not expect their modems, office machines, or even cell phones, as we have discussed previously, to be a weak spot where they can be exploited and attacked. People need to be much more cautious when securing their devices.
