researcher accidentally finds 0-day affecting his entire internet service provider

This is truly one of the craziest scenarios I've ever seen. An API endpoint left wide open lets you hack anyone's router.

Thanks for letting me make this video Sam!

Comments
Author

"If you think professionals are expensive, try hiring amateurs."

pele
Author

'How did you bypass auth'
'Simple, do the request again'

wolfieboy
Author

For me, the 0-100 moment was from “oh, the swagger docs are in production” to “oh, I can call an API without being authenticated”

benheidemann
Author

Just a heads up, towards the end of the video (27:19) you said you "think Cox fixed the issue within a month or two." Using the day/month/year calendar, that makes sense based on what this post has written, but I think this post had the date in a month/day/year format, suggesting the bug was hot fixed within a day of it being reported, not a month.

I can only imagine how many heart attacks this researcher nearly had from beginning to end of this story.

AntVenom
Author

Cox once put corporate domains from an email whitelist (to allow them to send emails en masse) onto a blacklist, ensuring hundreds of firms cannot send emails to Cox users, then pretended those corporations are at fault. Those corporations are blocked to this day.

evocorporation
Author

I work for a large ISP. We can push settings, pull settings, get train rates, and see connected devices. I can bridge ports to WAN, so I could expose anything plugged directly into our gateway to the public network. If you changed the passwords on the device, I can force-reset them, or even factory reset the whole device. If you care about your privacy and safety, use your own router.

JeffreyMichaud
Author

Bro went out and accidentally discovered another vulnerability after he got hacked via a different method 💀

brawldude
Author

Kudos to Cox for eventually opening a conversation with Sam.
The poor office worker must have been very confused: "This doomsday apocalypse guy claims to have found a way to hack all of us."

andreasguillot
Author

This reminds me of another story I read about a German ISP years ago; it must have been at least 5 years ago.
The ISP in question (I believe it was Vodafone Germany, Unity Media or Kabel Deutschland; definitely one of these three) wasn't providing customers with the credentials necessary to use any router on their network (at the time they didn't have any legal obligation to do so, so they forced customers to use the rental routers).
So one of their customers didn't want that rental unit and instead wanted to use their own router, so they started digging in the rental router from their ISP to get it to spit out the network credentials. While doing so they found out that bypassing the rental router and getting direct access to the ISP's network also gave them direct access to a similar maintenance API, completely without any authentication requirements (after all, you wouldn't normally have completely free access to this part of the network). So it was fairly trivial for them to change any router on that ISP's network, just by using their own router.
Not only did the ISP fix that vulnerability quickly, it also sparked a big legal debate on whether or not it was legal for that ISP to demand usage of rental routers. The outcome was no, and now everyone can use any router, even on the cable networks (which is now all Vodafone Germany).

Chickenbreadlp
Author

"they fixed the issue in a matter of a month or two, which is really really solid"

Was listening to the vid on the side when I heard this and stopped what I was doing to do a double-take.


This vid wasn't scripted so I might be a bit pedantic here, but I did want to make one comment. It seems that it was fully *resolved* in a month or two, but the vulnerability itself was shut down less than 24h after it was reported.

That's honestly really cool they had that fast of a turnaround given how large Cox is. I've worked at enterprise companies in the past that brush security issues under the rug, so this is refreshing to see.

Jessie-blrm
Author

The scary thing is that all the described stuff is really easy and very basic stuff. It's not something highly sophisticated or really obscure; the exploit just uses the most basic building blocks anyone who ever did anything in networking is familiar with.

Monotof
Author

When I bought my own router, my ISP insisted on configuring it to be remotely accessed. I allowed them to configure it just because I was already pissed, and disabled it right after. No no no, no random person access here.

thfsilvab
Author

Bro could have easily just “lost” the router and paid for the missing equipment.

luisfarias
Author

That's why I'd never ever use any hardware provided by an ISP and obviously have all remote management protocols disabled on the router I bought myself. Just the idea of anyone having access to my hardware would drive me crazy.

imrandom
Author

That article reads a bit... like someone focused on the wrong thing:

"I wonder how they hacked my modem"...
[ 5 minutes later ] ...
"Darn, this is the inside of a national bank vault, I do not want to be here" ...
[ 5 minutes later ] ...
"hacked the addresses of 5 FBI offices... also not quite what I was after" ...
"nuclear launch codes" ...
mmmh...
"Ah here... this is it! Mr Router-company, please fix your software. I do not want my router to be hacked again, this is just such a nuisance!".

MrRecorder
Author

As a fellow software developer who uses Spring for backend development, I can assure you that I have forgotten more than once to disable Swagger for the prod env)

MrZadeak
Author

This is why you should always have a router under your direct control in between your ISP's router and your internal network. And turn off your ISP router's WiFi radio. Your ISP then sees exactly one device on your network - a router that doubles as a firewall. Defense in depth starts with precise control over your home network.

privacyvalued
Author

Wow, makes you wonder how many smaller ISPs have similar vulnerabilities.

rhigrets
Author

Would’ve been fun to rename all the FBI wireless networks to “You’ve been hacked” and watch the chaos that ensued 😂

devrim-oguz
Author

TR-069 is a loaded gun pre-pointed at every customer's foot. All it needs is an ISP fucking up a little. But there is no way publicly traded ISPs will be cheap about software and security, right?

klti