<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
     xmlns:content="http://purl.org/rss/1.0/modules/content/"
     xmlns:dc="https://purl.org/dc/elements/1.1/"
     xmlns:dcterms="http://purl.org/dc/terms/"
     xmlns:media="http://search.yahoo.com/mrss/"
     xmlns:atom="http://www.w3.org/2005/Atom"
>
    <channel>
                    <atom:link href="https://www.nexttv.com/feeds/tag/cable-haunt" rel="self" type="application/rss+xml" />
                            <title><![CDATA[ Latest from Next TV in Cable-haunt ]]></title>
                <link>https://www.nexttv.com/tag/cable-haunt</link>
        <description><![CDATA[ All the latest cable-haunt content from the Next TV team ]]></description>
                                    <lastBuildDate>Mon, 10 Feb 2020 13:00:00 +0000</lastBuildDate>
                            <language>en</language>
                                <item>
                                                            <title><![CDATA[ Industry Spooked by ‘Cable Haunt’ ]]></title>
                                                                                                                                                                                                <link>https://www.nexttv.com/news/industry-spooked-by-cable-haunt</link>
                                                                            <description>
                            <![CDATA[ Industry Spooked by ‘Cable Haunt’ ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">jd9DkhdUaM7Gy4bMVrrNcV</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/EmPXu59hZE5ZD5cVHcAZp4-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 10 Feb 2020 13:00:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Technology]]></category>
                                                                                                <author><![CDATA[ daniel.frankel@futurenet.com (Daniel Frankel) ]]></author>                    <dc:creator><![CDATA[ Daniel Frankel ]]></dc:creator>                                                                                    <dc:source><![CDATA[ http://cdn.mos.cms.futurecdn.net/7wBJVmzcn7E9PQZWPFQsH7.jpeg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/EmPXu59hZE5ZD5cVHcAZp4-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/EmPXu59hZE5ZD5cVHcAZp4-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Halloween came early for the cable technology world in January, when four Danish internet security researchers identified “Cable Haunt,” a security flaw affecting more than 200 million cable modems equipped with Broadcom chips in Europe alone.</p><p>The Cable Haunt vulnerability is focused on the spectrum analyzer, a standard component of Broadcom silicon that protects modems from signal surges and other disturbances piped in by the coax.</p><p>The spectrum analyzer is often used by internet service providers for debugging and improving connection quality. Access to it is typically limited to connections originating within the managed network.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="EmPXu59hZE5ZD5cVHcAZp4" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/EmPXu59hZE5ZD5cVHcAZp4.jpg" mos="https://cdn.mos.cms.futurecdn.net/EmPXu59hZE5ZD5cVHcAZp4.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>Researchers at Danish firm Lyrebirds said the Broadcom chipset’s spectrum analyzer is vulnerable because it uses default credentials and lacks protection against denial of service-based “rebinding attacks.” They also said the chipset contains a firmware programming error.</p><p>Hackers could exploit the vulnerability and get users to accept malicious web pages, researchees said. Once that’s done, hackers could change default domain name system (DNS) servers; conduct remote man-in-the-middle attacks; swap code and change firmware, config files and MAC addresses; and do other evil things.</p><p>The vulnerability is widespread, they added. “The reason for this, is that the vulnerability originated in reference software, which have seemingly been copied by different cable modems manufacturers, when creating their cable modem firmware,” the researchers said on cablehaunt.com, a website they set up to publicize the issue. “This means that we have not been able to track the exact spread of the vulnerability, and that it might present itself in slightly different ways for different manufacturers.”</p><p>The group also published a white paper accessible on the site. They hope that ISPs and other tech firms release firmware updates and patch any vulnerabilities.</p><p>Broadcom said it released several firmware fixes last year. Others have released fixes, too. Meanwhile, ZDNet, which had engineers probe the vulnerability, described an attack using Cable Haunt as being “very hard to pull off.”</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Minim Introduces Cable Haunt Virtual Patch ]]></title>
                                                                                                                                                                                                <link>https://www.nexttv.com/news/minim-provides-patch-to-stop-cable-haunt</link>
                                                                            <description>
                            <![CDATA[ Minim Introduces Cable Haunt Virtual Patch ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">mkHPv5ZAfMdDtsuPppjJT5</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/upW7SSjkCWoCP7eWiJHDKi-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 24 Jan 2020 20:26:53 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Technology]]></category>
                                                                                                <author><![CDATA[ daniel.frankel@futurenet.com (Daniel Frankel) ]]></author>                    <dc:creator><![CDATA[ Daniel Frankel ]]></dc:creator>                                                                                    <dc:source><![CDATA[ http://cdn.mos.cms.futurecdn.net/7wBJVmzcn7E9PQZWPFQsH7.jpeg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/upW7SSjkCWoCP7eWiJHDKi-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/upW7SSjkCWoCP7eWiJHDKi-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Minim, a maker of AI-driven WiFi and IoT security software, has announced a new virtual patch to detect and prevent attacks exploiting “Cable Haunt,” a vulnerability affecting hundreds of millions of cable modems around the world with certain Broadcom chips.</p><p>“We had to pounce on Cable Haunt,” said Alec Rooney, Minim co-founder and CTO, in a statement. “A pioneering exploit, this DNS rebind attack infiltrates the trusted side of the home gateway— a sacred space in our book. Cable Haunt validates our belief that AI-driven network-level security is the best way to protect connected devices with varying degrees of updatability in homes.”</p><p><a href="https://www.nexttv.com/news/minim-integrates-platform-into-motorola-and-sercomm-wi-fi-devices" data-original-url="https://www.multichannel.com/news/minim-integrates-platform-into-motorola-and-sercomm-wi-fi-devices">Related: Minim Puts AI-Powered WiFi Management and IoT Security Platform into Motorola and Sercomm Routers</a></p><p>Cable Haunt was identified by Danish security firm Lyrebirds, which <a href="https://cablehaunt.com/">put up a website</a> detailing the flaw.</p><p>“Cable Haunt is a critical vulnerability found in cable modems from various manufacturers across the world,” the Lyrebirds site homepage reads. “The vulnerability enables remote attackers to execute arbitrary code on your modem, indirectly through an endpoint on the modem. Your cable modem is in charge of the internet traffic for all devices on the network. Cable Haunt might therefore be exploited to intercept private messages, redirect traffic, or participation in botnets.”</p><p>For their part, the Minim’s founders say their company was founded as a response to the Mirai Botnet crisis of 2016. Their previous company, internet performance management and web application security company Dyn, was acquired by Oracle in 2016.</p><p>“Three years post Mirai, the home edge now has at least one platform to protect against emergent threats,” said Jeremy Hitchcock, co-founder and chairman of Minim and former Founder and CEO of Dyn. “Minim offers zero-day protection for a vast security threat to homes and businesses around the world. These protections are table stakes for CPE vendors and service providers. I love what we’re doing.”</p><p>Minim reps say the company serves 75 service providers and OEMs, Minim offers a care portal and mobile app to support and protect smart homes. The platform is hardware-agnostic, integrating with customer premises equipment via its open source embedded agent or cloud-based agent.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
            </channel>
</rss>