When his cable modem service seemed to slow almost to a crawl last spring, Matthew Hallacy did like most people and complained to technical support at his Internet service provider, AT&T Broadband.
But after the sluggish performance persisted for weeks, Hallacy, a Minnesota-based software engineer and networking expert, decided to take matters into his own hands: he hacked his cable modem.
It wasn't long before Hallacy, 21, devised a trick for modifying an obscure configuration file used by the service to control the settings in his 3Com cable modem.
A few tweaks later, Hallacy's $50-per-month service, which had been downloading data at a poky 75 kilobits per second (Kbps), was sweetly humming along at much brisker speeds in both directions.
According to Hallacy, he hacked the modem just to prove that AT&T's network management, and not his modem, was the performance bottleneck, and he immediately changed the settings back.
Click the "..Read more" link for more details on this interesting, possibly old method of trying to persuade your cable modem to allow you to pump more bandwidth that you actually get!
But after the sluggish performance persisted for weeks, Hallacy, a Minnesota-based software engineer and networking expert, decided to take matters into his own hands: he hacked his cable modem.
It wasn't long before Hallacy, 21, devised a trick for modifying an obscure configuration file used by the service to control the settings in his 3Com cable modem.
A few tweaks later, Hallacy's $50-per-month service, which had been downloading data at a poky 75 kilobits per second (Kbps), was sweetly humming along at much brisker speeds in both directions.
According to Hallacy, he hacked the modem just to prove that AT&T's network management, and not his modem, was the performance bottleneck, and he immediately changed the settings back.
Click the "..Read more" link for more details on this interesting, possibly old method of trying to persuade your cable modem to allow you to pump more bandwidth that you actually get!
But after successfully testing his technique for friends on other cable modem services - and studying further the specifications for DOCSIS, the standard interface used by most cable modem manufacturers - Hallacy decided he had uncovered a bona fide security vulnerability.
This week, Hallacy submitted a description of his technique to two e-mail discussion lists run by SecurityFocus.com that are read by thousands of computer security aficionados.
But the description by Hallacy may be the most specific ever posted to such a public forum. And experts said his claim that not only AT&T but also some Comcast and Time Warner cable systems are vulnerable, may spur operators to make changes to their networks - or risk similar poking and prodding by other networking gurus.
In some instances, the technique could potentially be exploited even to take control of a cable ISP's gateway computers, alter their network routing, and shift large amounts of traffic to a specified destination, Hallacy claimed.
Dave Ahmad, moderator of the Bugtraq security mailing list, said he did not immediately approve Hallacy's submission because it described "how to evade (cable operators') service restrictions" and because he was "not sure what the benefit was to the community. Who is at risk if the information is not made public?"
Ahmad posted his comments, along with Hallacy's advisory, in a message Tuesday to the Vuln-Dev list, which published a pared back version of Hallacy's report on Monday.
Hallacy said he debated the morality of publishing his hacking instructions, but finally decided to do so as "a little bit of a smack in cable companies' direction. People are exploiting this. It's one of the reasons there's not enough bandwidth on some nodes, and they need to fix it."
News source: Newsbytes
View: Original submission on Bugtraq's vuln-dev mailing list (by Dave Ahmad)
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.