135+ million cable modems vulnerable to denial of service attacks

Have you noticed that sometimes your internet service goes down, only to come back a few minutes later? It might be a vulnerability in your cable modem. If you have an Arris SurfBoard SB3141 you don’t need to panic, because that won’t help in any case, but your modem is actually open to denial of service attacks, and the only solution is likely to have a cable technician to come to your home or office.

The problem is the way the Arris SB3141 handles authentication and cross-site requests, according to a report from Clicking on a disguised link on a website or in an email can cause a service interruption. If that happens your modem will likely reboot or reset. With a reboot, your internet service should come back promptly; a reset takes longer and you may even have to call the cable company to have them reactivate your modem.

Related: Comcast begins rolling out its new DOCSIS 3.1 gigabit Internet service

In a statement to Zdnet, Arris stated that only a subset of the SB3141s are in jeopardy. The company also reiterated that it is unaware of any exploits of the authentication vulnerability, which was documented way back in April 2008, and that the company has recently released a firmware update.

Unfortunately there’s no way for you to check whether your modem is on the good list or the maybe-no-so-good list. Major cable internet providers including Comcast, Time Warner Cable, or Charter sent the Arris (formerly Motorola) cable modems to millions of new customers. You can also buy the highly rated SB3141 DOCSIS 3.0 modem on Amazon (4.5 stars from 9,158 reviews).

The firmware upgrade isn’t one that can be installed by users, so if you have a vulnerable SB3141, a technician will have to pay a visit. The best course of action: call your cable company about the firmware upgrade and get on the list if needed. And in the meantime, be ever more vigilant about clicking on unknown websites and unexpected links in email or online messages.

Leave a Reply

Captcha image