Modems, ISPs & the media How the Comhem vulnerability could have been handled, and what happened instead


Slide 1
Modems, ISPs & the media
How the Comhem vulnerability could have been handled, and what happened instead

Slide 2
Who am I?
  • @johanRmoller
  • Penetration Tester @ Omegapoint
  • Podcaster @ Säkerhetspodcasten
  • Annoyer of ISPs

Slide 3
This talk is about
  • How I hacked my own modem
  • How Comhem handled my bug report
  • How I worked with the media to force Comhem into handling it better
  • How they still failed
  • And finally: how it should have been done

Slide 4
Let's go back a while
All the way back to August, 2013

Slide 5
I live in a ComHem house
Which means I get one of these:

Slide 6
It's my gateway to the internet
I decided to see if I could hack myself. There were two obvious ways to go about it.

Slide 7
Pros & Cons

Firmware Analysis
Pros
  • Can find stuff not obvious on the web interface
  • Could possibly reprogram the modem
  • Could find cooler vulnerabilities
Cons
  • Could brick my modem
  • Lots of work
  • Not my area of expertise

Web Interface hacking
Pros
  • Easy and quick
  • Could find really stupid vulnerabilities
  • Little to no risk of damaging the modem
Cons
  • I wouldn't be learning anything new
  • Soldering is cool!
  • Won't find hidden stuff

Slide 8
The web interface

Slide 9
Fiddling around with Burp

Slide 10
Finding CSRF Vuln

Slide 11
Impact of the CSRF vuln
  • Changing DNS
  • Harvest account details
  • Spread malware
  • Steal credit card and bank details
  • Port forwarding
  • Expose internal network to internet
  • Turning on remote admin
  • Changing all modem settings
  • Stealing stored passwords (wifi passwords stored in cleartext)
  • Downgrade security
  • DoS
  • Brick the modem

Slide 12
Hardware hacking

Slide 13

Slide 14
Analyzing firmware

Slide 15
Sending the bug report

Slide 16
ComHem Responds

Slide 17
A year goes by

Slide 18
What is responsible disclosure?

Slide 19

Slide 20

Slide 21

Slide 22
Comhem Responds

Slide 23
Comhem responds again
"The DNS problem only exists in Stockholm" -Comhem

Slide 24

Slide 25
Comhem locks down DNS
Limiting their modems to only using Comhem's DNS.
This still doesn't solve the following problems:
  • Port forwarding
  • Expose internal network to internet
  • Turning on remote admin
  • Changing all modem settings
  • Stealing stored passwords (wifi passwords stored in cleartext)
  • Downgrade security
  • DoS
  • Brick the modem
  • Etc.

Slide 26
Minister proposes Law Change and PTS investigates

Slide 27
Comhem solves the problem
On the 14th of November a firmware update finally arrives, solving the problem.
  • At this point, the media attention has died down
  • No one cares that the issue is resolved
  • The damage to Comhem is already done, and can't be reversed at this point

Slide 28
What did we learn?
  • How should they have done it?
  • Can we help our clients and companies handle these issues?
  • What is it like to deal with the media?
  • Knowing what you want to say and being able to back it up

Slide 29
Evil DNS - Swedbank