Author: Maureen

It’s the year 2020. A new decade is upon us, and the time for progress is now. Commercial spaceflight is becoming a reality, consumers are buying electric cars, cell phones with more RAM than desktop PCs will soon be released, but some things never change either…

What never changes? Our reliance on internet connected devices, and ultimately the possibility for security risks and vulnerabilities in those devices, that allow for malicious exploits to be run against a network.

What is it?
The latest critical vulnerability has been named Cable Haunt, specifically because it affects cable modems and modem/router combos from a number of manufacturers throughout the world. The word haunt is used because the exploit has existed within these devices, silently, for many years now, and has only recently been discovered. This could impact around 200 million cable modem users.

Discovered by Lyrebirds, a cyber security company in Denmark, they have created a website to address and discuss the vulnerability and have included a deep dive technical report (available here) as well as a proof of concept and test script you can run against your own network to see if your modem is vulnerable.

What could it do?
Cable Haunt is exploited by first gaining access to a local network device like a computer, though it could be any device on the LAN. This can be via a number of methods and is outside the scope of this document for now. Once the local device is compromised, a buffer overflow attack is initiated against the modem, ultimately giving the attacker control of the cable modem.

CableHaunt specifically attacks a tool built into modems called Spectrum Analyzer. A flaw in Spectrum Analyzer allows an attacker to send HTTP requests to the modem, regardless of the local device they’ve attacked first. Once the buffer overflow is in place the modem is under the attackers control, and they could perform a number of malicious changes including; updating DNS servers to point end users to malicious versions of legitimate web sites, man in the middle attacks, changing firmware, and more

How to protect against it?
Since Cable Haunt is dependent on first taking control of a local device, it is possible to configure many routers to block local access to the vulnerable modem. If access to the cable modem is prevented, there isn’t a way to actively exploit Cable Haunt. We’ll cover a few different router manufacturers here with screenshots on how to make these changes. TIP: A downside to this firewall rule is you won’t be able to access your modem either. You could modify these rules to block only the port that the Spectrum Analyzer runs on, but if you replace your modem and a different port is used, you’ll no longer be protected without first updating created rules.

First, it is important to determine IF your device is vulnerable. Currently, only devices running Broadcom equipment are affected. If your device is NOT manufactured with Broadcom components, you are safe! You can visit Approved Modems for a list of manufacturers and devices to determine if you are affected.

---

Peplink/Pepwave

1. Log into the web administration interface at 192.168.1.1 (Pepwave) or 192.168.50.1 (Peplink). If you have changed your LAN IP, please use the new address.
2. Log in, and visit the Advanced (Pepwave) or Network (Peplink) tab, and select Firewall: Access Rules, from the left menu.
3. On the right of the screen, you’ll see sections for Outbound Firewall Rules, Inbound Firewall Rules, and Internal Network Firewall rules, along with any existing rules that are in place.
4. Click Add Rule under Outbound Firewall Rules
5. Create a rule named Cable Modem Block and follow the screenshot below. Important here is setting the Action to Deny, and enabling Event Logging for later review. Click Save.

   

6. The firewall rules are set up with the highest priority rules listed first, so click and drag the newly created Cable Haunt rule to the top of the list. Be sure to click Apply Changes in the top right corner of the web administration interface.
7. Special note – If your cable modem uses a different default address other than 192.168.100.1, be sure to modify this rule to the appropriate IP address.

How do I log into my Peplink/Pepwave if I disable local access?
InControl is Peplinks cloud management platform which provides monitoring, configuration, and remote access, to all of your Peplink/Pepwave hardware from a single sign on. If you are a business and are deploying Pep equipment across multiple sites, InControl can manage them all. You’ll have real time views into network performance, internet connection status, client lists, data usage, and more. You can remotely configure and push configurations such as WiFi updates, firewall settings, and firmware updates.

When it comes to Cable Haunt, InControl gives you a simple means of remotely accessing your local router interface with their Remote Management feature. A simple firewall rule, as described above, blocks local devices from executing Cable Haunt vulnerabilities. With InControl, you can still log into the router, manage and make changes, all securely. You can follow this link for the InControl 2 user manual.

Learn more about Peplink/Pepwave products and services at 5Gstore

Cradlepoint

1. Log into the web administration interface at 192.168.0.1. If you have changed the default address, please use the new address.
2. Log in, and visit the Security tab on the left side of the page, and click Filter Policies.
3. You’ll see a few basic Filter Policies in place depending on your configuration. Click Add.

   

4. Name your filter Cable Modem Block, set the default action to Deny, and select Log to enable logging to the router for later review.
5. Enter a source address of 0.0.0.0 for all LAN clients. Destination is the IP address of your cable modem, typically 192.168.100.1, but be sure to modify if you’ve changed this.
6. Click save, and then Apply Changes.
7. For a full breakdown of the Cradlepoint Firewall, visit Cradlepoint Connect.

How do I log into my Cradlepoint if I disable local access?
NetCloud Manager is the Cradlepoint cloud management platform. NetCloud performs the functions you would expect from the cloud; firmware management, device configuration, status, alerts, and more.

Cradlepoint no longer sells hardware on its own, and instead offers solutions packages that include technical support, warranty, and access to NetCloud. You can follow this link for a guide on using NetCloud, including local administration and cloud management.

Learn more about Cradlepoint and NetCloud services at 5Gstore

Sierra Wireless

Sierra wireless doesn’t have a typical stateful firewall built into its web administration interface. You can not explicitly tell the router ‘block outbound traffic to 192.168.100.1.’ Instead, you can block ALL outbound traffic, and create a list of Trusted IPs that can be accessed by local devices. This means making a rule for ALL IPs you wish to visit, which can be cumbersome. This is not a problem though, as typically you are NOT using a cable modem along with the Sierra product line. Cellular is the typical primary connection and is not affected.

If you do have a Sierra with a connected cable modem, you’ll need to add a firewall appliance like a Sonicwall or similar, in order to block access to the modem from the local network.

Other Manufacturers

Michael Horowitz of RouterSecurity.org has an excellent in-depth article on blocking cable modems from various manufacturers such as TP Link and Asus. If your specific model isn’t listed, it doesn’t mean the same general rules won’t apply.

---

Additional Considerations

Q: What if I have a cable modem/router combo provided by my ISP, and it is in Bridge or IP Passthrough mode, am I affected?

A: Putting a modem/router combo in Bridge mode won’t necessarily prevent you from a Cable Haunt attack. Some devices still run their web servers while in passthrough, which leaves an open means of attack. Don’t assume everything is okay, test!

---

Basic Testing

While not perfect, a quick test in a web browser can help determine if a network is potentially vulnerable to Cable Haunt. This can be done on a desktop PC, laptop, or phone, that is wired or connected via WiFi to the network you wish to test.

1. Open up a web browser of your choice (Chrome, Firefox, Safari, etc)
2. In the address bar, enter the corresponding default IP Address from this list

   

3. f the page loads to a login screen, the network is potentially susceptible to Cable Haunt. 

Advanced Testing – IT Professionals Only

The folks behind Lyrebirds, the organization that found this vulnerability, have developed a script to let network administrators test their modem for Cable Haunt. They’ve posted the script and Python code to their GitHub repository for download.

Fair warning, this is a ‘use at your own risk’ tool and should only be utilized on networks that you own or have explicit authority to test. Ultimately, this test will cause a vulnerable cable modem to crash and reboot if the device is found to be vulnerable. Therefore, do not perform this testing during business hours or times when internet connectivity is critical.

Lyrebirds have posted a video showing an active exploit against a Cable Haunt vulnerable modem in a test environment. In just a few minutes you can see how their GitHub testing script works, and just how quickly a knowledgeable attacker could gain access to a modem completely undetected in most cases.

Being an early adopter of new technology usually means spending more on equipment, but the competition between Apple and Samsung may mean that 5G phones will have a lower price than you’d think.

Apple does not yet have a 5G-capable iPhone, but rumors indicate that they’ll be launching at least 2 5G iPhones in 2020, with one being lower in price and a second more “premium” model.

Samsung already has one 5G-capable phone, the Galaxy S10 5G, and it is quite pricey. However, Apple’s rumored introduction of a cheaper model has led to Samsung planning to launch their own lower-cost “E” (as in “essential”) Galaxy 5G in 2020 to compete.

The actual prices of the rumored lower-cost Apple and Samsung models are yet to be known. But the competition between the two should help to drive down prices and encourage more non-premium 5G options.

In an effort to better compete with China in 5G development, a group of U.S. senators has proposed utilizing up to $1 billion to subsidize 5G research and development in the U.S. The legislation is aimed at providing alternatives to Chinese telecom-equipment makers Huawei and ZTE, which have been called out as potential security threats to the U.S.

“Every month that the US does nothing, Huawei stands poised to become the cheapest, fastest, most ubiquitous global provider of 5G, while U.S. and Western companies and workers lose out on market share and jobs,” said Mark Warner, a Democrat from Virginia. “It is imperative that Congress address the complex security and competitiveness challenges that Chinese-directed telecommunication companies pose.”

The proposal, called the Utilizing Strategic Allied Telecommunications Act, would allocate at least $750 million to companies developing 5G wireless technology and would create a $500 million fund to be made available to manufacturers deploying “trusted and secure” wireless equipment in the U.S. and elsewhere.

Read more

Verizon was very aggressive with their 5G rollouts at the end of 2019, and in 2020 it looks like they plan to offer customers a lot more options to use the new network.

Right now they only have 5 options available that work on the 5G network: a 5G hotspot and 4 smartphones (Samsung Galaxy S10 5G, Galaxy Note 10 5G, LG V50 ThinQ 5G, and the Moto Z4 with 5G Moto Mod). In 2020 they plan to launch 20 more.

Ronan Dunne, head of the Verizon Consumer Group, said at CES this week that in the first half of 2020 Verizon plans to release phones that will sell for around $800, with a sub-$600 phone to be available in the latter part of the year. He didn’t provide specifics on models or features, but said that he expects most of the 5G devices launching this year to be phones, with just a couple of hotspots being added to the lineup.

With 5G becoming more available every month thanks to launches by Verizon, AT&T, and T-Mobile, many consumers are eagerly anticipating more 5G-capable devices to choose from. Options are limited right now, and Apple fans have been waiting for news on when a 5G-capable iPhone will be available.

Mehdi Hosseini, a semiconductor analyst for Susquehanna, indicated this week that based on his checkins with suppliers, he anticipates that Apple will launch their first 5G phone in September using sub-6ghz technology, with a faster mmWave 5G model coming in December 2020 or January 2021. Depending on your carrier of choice and the technology they’re using for 5G in your area, one model may be more attractive over the other. 5G networks using MmWave (like Verizon’s) are much faster, but have limited range and coverage.

The scoring of 5Gstore’s top products comes from a combination of their popularity as well as the number of customer reviews they received and the average rating customers gave the product. Many of this year’s winners, like the IP Switch (both the single outlet and dual outlet versions) and Pepwave Max BR1 Mini are perennial favorites and have appeared on our “best of” lists for years. Others, like the Sierra Wireless RV50X and Pepwave Max Transit Mini are new to the list for 2019. Congratulations to all of the manufacturers of our 2019 top products!

If you ordered any of these products (or any others!) from 5Gstore, don’t forget that you can log in at 5Gstore.com and write a review of your own. We post all reviews – good and bad – and always appreciate the feedback!

Rank	Product	Reviews
1	Pepwave Max BR1 Mini with LTE Affordable router with embedded LTE (cat 4 or cat 6 LTE Advanced) for home, travel, and small business	“I purchased this modem to use it as a back up ISP. For my Voice over IP phone system. My main router has a fail over WAN port which I plugged the peplink modem into and set the modem up in pass through which was extremely easy to do. After completing the setup I disconnected my main ISP and with in 3 minutes my voip phones seamlessly work with no delays or issues. I would consider buying a second modem for my home!!!” “I needed a quick way to connect a remote user to our office with an IPSEC vpn tunnel to the SonicWall at our HQ over a cellular data connection. Worked perfectly.” read more reviews
2	Dual Outlet Remote Power IP Switch Allows you to remotely monitor and reboot up to two pieces of equipment via smartphone app, cloud, or Google Hangouts	“I am pleased with this purchase. Fast shipping and the order was as described. Lots of good information and setup tips were supplied. The device works very well and I really like that I can remotely power cycle my IP supplied modem/router, set a power cycle schedule and use health check pings to determine if the router/modem has locked up and auto power cycle.” “Awesome product. Saves making a special trip to a remote location to reset the router/modem if connection is lost. Great for vacation home or cabin, especially if you have WiFi security cameras!” read more reviews
3	Single Outlet Remote Power IP Switch Allows you to remotely monitor and reboot your equipment via smartphone app	“It allows me to reset equipment remotely saving me hours of drive time everytime the device locks up. I suspect it will pay for itself the first time I use it.” “To be certain, this will enable our engineer to solve some hiccups at our tower without driving 4 hours one way. A real game changer and time saver.” “Excellent solution for my unattended router in a remote location!” read more reviews
4	Pepwave Surf SOHO MK3 Router Easy-to-use, feature-rich 3G/4G router for home and travel	“Plugged in ATT air card and it picked right up and worked. Easy install and a solid product.” “The security on this SOHO WiFi router is comparable to professional grade equipment. It’s the 2nd one that I have purchased. I am quite satisfied with this router. I am using this one with an internet stick as the primary link and it is working flawlessly.” read more reviews
5	Pepwave Max Transit Mini LTE Router Affordable vehicle router with ignition sensing and advanced GPS	“I have always used a USB modem in an Cradlepoint MBR95 router for my (in the field) internet. I have a small office in the camper, we are seasonal campers & the Wifi here is unreliable & insecure. I purchased this model after speaking to a sales rep at 5g. It was simple to set up & works like a charm.” read more reviews
6	SureCall 9.5” Full-Band Omni Antenna Outdoor omnidirectional antenna for virtually all networks	“Works very well in combination with the Wilson amplifier. Easy install on an existing sensor pole. We were able to smooth out cellular connectivity and now have a strong stable signal through our provider where there was very weak and spotty service before.” “Product works great. Took me from ~3mbps download to over ~10mbps. Definitely worth the money.” read more reviews
7	Pepwave Max HD4 Quad-Modem Router Powerful quad-modem router for failover, load balancing, or bonding	“Thanks so much for your help. Only 60 mins with the unit and all 4 cards are lit with 5 bars and it is working better than I could have hoped for. Getting between 15-35Mbps down on any of the cards. I wasted a year of my life screwing around with Mushroom. Getting between 15-35 down on any of the cards” read more reviews
8	Pepwave Max HD2 Quad-Modem Router Powerful dual-modem router for failover, load balancing, or bonding	“This is an awesome unit with great flexibility and extremely easy to configure. This isn’t a segment I normally deal with (mobile) and have found working with them very exciting. Love the feature set!” read more reviews
9	Sierra Wireless RV50X Gateway Industrial LTE gateway with low power consumption	“Top-notch ultra-low power consumption product — the perfect replacement for the trusty Sierra Raven XE I’ve been using in my remote solar-powered surveillance system for the last 7 years. Bought this new Sierra model to upgrade the system from 3G to 4G.” “Compact and versatile cellular modem” read more reviews
10	Cradlepoint IBR900 Mobile Router Powerful vehicle router for failover or load balancing	“The pre-sales team at 5G are top notch and made purchasing the correct equipment easy.” read more reviews

Verizon announced today that visitors to New Era Field and KeyBank Center in Buffalo, New York, will now be able to enjoy 5G service at the venues. New Era Field is the 16th NFL stadium in which Verizon has deployed 5G Ultra-Wideband service, and KeyBank Center is the fifth indoor arena to get Verizon 5G.

In addition to the stadiums and arenas, Verizon 5G is available in parts of 31 cities around the country. The full list of cities as well as specific coverage maps can be found on Verizon’s site. To utilize 5G, Verizon subscribers need a 5G-capable phone like the Samsung Galaxy Note 10 Plus 5G as well as an unlimited data plan.

With the launch of 5G service in Cleveland and Columbus, Ohio yesterday, Verizon has surpassed their goal of bringing 5G to 30 cities in 2019. Verizon 5G is now available in parts of 31 cities around the country, as well as 15 NFL stadiums. The full list of cities as well as specific coverage maps can be found on Verizon’s site.

To utilize 5G, Verizon subscribers need a 5G-capable phone like the Samsung Galaxy Note 10 Plus 5G as well as an unlimited data plan. Verizon’s 5G coverage is not widespread and is limited to only parts of the cities, so users in 5G cities should check coverage maps to see where they’ll actually be able to use the new network. However, while coverage is more limited than AT&T’s or T-Mobile’s respective 5G networks, Verizon’s 5G network is considerably faster.

Verizon launched 5G in six more markets today, for a total of 10 launches this week alone and 28 so far in 2019. The latest cities to get Verizon 5G are Miami; Salt Lake City; Charlotte and Greensboro, North Carolina; Grand Rapids, Michigan; and Spokane, Washington. They have promised to launch in at least 30 cities this year, so it is likely that there will be additional cities announced next week.

To utilize 5G, Verizon subscribers will need a 5G-capable phone like the Samsung Galaxy Note 10 Plus 5G as well as an unlimited data plan. Verizon’s 5G coverage is not widespread and is limited to only parts of the cities, so users in the area should check coverage maps. While coverage is more limited than AT&T’s or T-Mobile’s respective 5G networks, Verizon’s 5G network is considerably faster.

After launching 5G in Los Angeles yesterday, Verizon continued their speedy deployment this month by launching service today in Des Moines. Coverage maps are not available yet, but service is expected to be available in parts of downtown, East Village and West Des Moines and around popular landmarks like the Iowa State Capitol, Hyvee Hall, Wells Fargo Arena, Pappajohn Sculpture Park, Principal Park, Jordan Creek Town Center and MercyOne West Des Moines.

Des Moines is the 20th city in which Verizon has launched their service this year. Nicki Palmer, Verizon’s senior vice president of technology and product development, said recently that the carrier is on schedule to reach their goal of launching service in a total of 30 cities by the end of the year. They have not announced all 10 of the cities that will round up that group of 30, but they have confirmed that Charlotte, Cleveland, Columbus, Little Rock, Memphis and Salt Lake City are on the list.