More than 135 million Internet modem can be controlled remotely

By exploiting the flaw, more than 135 million modem can be controlled remotely, thereby cutting Internet connection of the user. This error exist on modem Arris SURFboard SB6141, network devices are common in many countries in which there are millions of households in the United States. Security researcher David Longenecker discovered a “rather silly” problem and told equipment manufacturer. Specifically, Arris does not require password authentication users when on the page management on the modem. Therefore, any attacker would also be able to configure the device by accessing to the address 192.168.100.1 without impediment. From here, hacker easily reboot the modem through the interface manager and users will lose Internet for 2 to 3 minutes until the device finished booting. Moreover, the attacker can configure or reset the modem, made the Internet lose long more or need to call technical support can use back. According to security experts, the error on can be overcome by bringing out a firmware update, which requires authentication before the user to reboot or reset the modem. Manufacturer has not released the patch for this vulnerability. According to So Hoa.