Cox Communications has successfully patched a critical vulnerability in its API authentication system, preventing potential attacks that could have compromised the personal information of millions of customers and granted unauthorized access to their modems.
The flaw, uncovered by security researcher Sam Curry, exposed a wide range of Cox-supplied modems to potential attacks. By exploiting the vulnerability, attackers could have:
- Stolen personal information: Gained access to customers’ personally identifiable information (PII), including names, phone numbers, email addresses, and even home addresses.
- Taken over modems: Modified device settings, executed unauthorized commands, and potentially disrupted internet service.
- Intercepted Wi-Fi passwords: Collected Wi-Fi network credentials and other sensitive data from connected devices.
“This series of vulnerabilities demonstrated a way in which a fully external attacker with no prerequisites could’ve executed commands and modified the settings of millions of modems, accessed any business customer’s PII, and gained essentially the same permissions of an ISP support team,” Curry said.
“There were over 700 exposed APIs with many giving administrative functionality (e.g. querying the connected devices of a modem). Each API suffered from the same permission issues where replaying HTTP requests repeatedly would allow an attacker to run unauthorized commands.”
Cox responded swiftly to the discovery, patching the vulnerability and implementing additional security measures to protect its customers.
The company has also initiated an investigation to determine the extent of any potential unauthorized access.
