Skip to main content

MSOs Tackle Modem Breach

A new version of software that uncaps capped high-speed Internet service delivered via older cable modems is making the rounds on the Internet.

A group of software writers known as TCNiSO released a software specification, Sigma 1.3, to uncap older cable modems produced by Motorola Inc., as well as Com21 Inc., 3Com, RCA and Toshiba America Consumer Products.

The modems are Data Over Cable Service Interface Specification 1.0 vintage — in Motorola's case, the Surfboard 3100 product line. Later modems, built to DOCSIS 1.1 and 2.0 specifications, aren't affected.

A user would need to download the TCNiSO software and take the modem apart to do soldering work on some of the chip sets inside. The end result: A modem capable of unlimited bandwidth use.

Although the uncapping is a concern, one MSO executive said such problems have been around for a while. "It's measure [versus] countermeasure," he said, likening it to the constant cat-and-mouse job that network security executives face.

It's pretty easy to spot a modem that has been uncapped, the executive said.

"It's not that difficult to detect," he said. At that point, the MSO can stop service to the modem.

"Basically, it's part of the job," Motorola Broadband Communications Sector senior director of product management and marketing Mike Laraia said of the latest hack.

Motorola has advised MSOs on how to protect themselves from such alterations, including using the baseline privacy software that's built into modems that use DOCSIS 1.0 or later specs, Laraia said.

"We work with customers on an ongoing basis," he said. "We make sure their systems are as secure as they can be."

DOCSIS 1.1 and DOCSIS 2.0 modems remain unaffected by the Sigma software, MSOs said, provided the operator is using baseline privacy software and other standard security software.

It takes a great amount of effort to crack the modem, cable sources said, and most people would not go to the trouble of soldering silicon to beat the system. "The knowledge required to do this is fairly advanced," one source said.

Once a modem is compromised, a consumer who starts using 50 or 100 Megabytes per second of bandwidth would stick out like a sore thumb, making it easy for the MSO to detect and cut off service.

In fact, most cable-modem termination systems are set in the 3 Mbps range, making it difficult for hacked modems to operate at higher speeds.

Still, reports about TCNiSO's program — which is reportedly downloaded up to 400 times per day — have caught the attention of senior MSO engineers.

"It's a little more sophisticated than we've seen a year ago," said a cable-industry source. "It's getting a little more aggressive."

That's mainly because hackers have to physically take apart the modem and use soldering tools.

No word from MSOs about how many modems might have been compromised.