Regarding modems Arris NVG589 and Arris NVG599, which are standard equipment for AT&T U-verse customers
Arris Modems and Routers Have Major Security Flaw
“If you use an Arris or Motorola broadband modem, router or gateway provided by AT&T, better check your network device’s configuration.
Texas-based information-security firm Nomotion has found five serious security flaws that could let hackers take over your network, inject ads into the websites you view and even directly attack devices on your network….”
https://www.tomsguide.com/us/arris-att-router-modem-flaws,news-25787.html
Three Hardcoded Backdoor Accounts Discovered in Arris Modems
https://www.bleepingcomputer.com/news/security/three-hardcoded-backdoor-accounts-discovered-in-arris-modems/
Alert: AT&T customers with Arris modems at risk of remote hacking, claim infosec bods
https://www.theregister.co.uk/2017/09/01/att_customers_with_arris_modems_at_risk_claim_infosec_bods/
Router flaws put AT&T customers at hacking risk
http://www.zdnet.com/article/flaws-in-att-routers-put-customers-at-risk/
(When he says the flaws can be “easily mitigated”, I’m not sure that most of the other articles I’ve read about this would agree completely with that. It seems that different articles point out slightly different issues and solutions.)
SharknAT&To
https://www.nomotion.net/blog/sharknatto/
U-Verse Arris Modems with HUGE security vulnerabilities
Customer question: “So, it’s been about a week since the Security Vulnerabilities for the AT&T Arris NVG589 and NVG599 Modem/Routers were published. Now that there is a public disclosure, has anyone seen any response or proposal for solution from AT&T?”
Another customer’s reply: “Horrible chat on this and another topic Tuesday. Two separate telephone transactions today. THEY HAVEN’T HEARD OF IT! No one apparently watches anything or cares.”
https://forums.att.com/t5/AT-T-Internet-Equipment/U-Verse-Arris-Modems-with-HUGE-security-vulnerabilities/td-p/5258081
=====
My questions
I have had an Arris NVG 589 modem from AT&T for 3 years.
I have no idea how, since my finger is not exactly on the pulse of random technology news, but I had actually read about this issue in the first part of last month. I had only read an article’s headlines; I didn’t dig into the details.
The reason I didn’t get into the details of it, even though it’s my model of modem, was that I had already ordered an upgrade in my internet speed from AT&T, and the telephone rep had told me that they’d need to replace my modem as part of the installation, so I thought that I wouldn’t have the NVG 589 much longer.
I had to wait 3 or 4 weeks for the installation. The phone rep said it was necessary for an installer to come out and for me to meet with him in the house, etc.
He was supposed to come at 4 pm. He called when he was parked outside, at 9 am. He was not apologetic about being so early. Harrumph.
After doing something outside for a couple of minutes, he said that it was down in his book as a “self-install”, so he didn’t have to do anything inside the house at all. Argh.
I asked him where my new modem was, and he said that he wanted me to keep what I had. I said, “Well, I’ve read recently that the Arris NVG 589 has a lot of vulnerabilities and I thought I could get a safer model from you.”
He looked at me like I was talking nonsense, and he said, “No, there hasn’t been any announcement like that. I haven’t heard anything like that.”
I said, “Yes, there have been articles on several different tech sites, it’s apparently a big issue.”
He looked at me like I was a silly mixed-up little gal, and condescendingly told me that this modem is the most safe and up-to-date that AT&T has, so I must be mistaken.
I said, “Okay, are you done here?”
He whipped out his cell phone and said, “Which is your modem’s name, is it ‘xyz’? What is your modem password?”
I looked at him like, “Why do you need that?”
He said, “I want to do a speed test on the new connection speed.”
I wasn’t going to give him the security password, so I said that I didn’t know what it was, and then I pulled up AT&T’s speed test website on my computer (I have it as a Favorite) and ran it.
Then he got overfriendly, leaning over me, with his strong cologne giving me a headache, and I just wanted him to go. Bleuch.
[Ever since the installation, my Norton firewall has had a new warning message many times a day that something is trying to connect to something, but I’ve looked it up on the Norton customer forum, and apparently it’s not something to worry about. I don’t expect that this issue is connected to anything else in my story here, but just for good measure I rebooted the modem box and changed its passwords. Norton still shows the firewall message.]
I may call AT&T and see what other modems they have, and tell them that I was told by their phone agent that the installer would be bringing a new modem to me, but when he was here, he wouldn’t give me a new one from his truck. Surely I could pick one up at the AT&T store or they could mail one to me.
However, it is possible that they don’t actually have many other modem models now, as the articles above talk about this one being in widespread use amongst their U-verse customers.
And it sounds like, from what the technician ignorantly said to me in my house, and from the AT&T customer forum conversation that I quoted above, that the AT&T people don’t know much about this issue and don’t care.
If AT&T tells me I have to keep the Arris NVG 589 modem, should I worry about these security flaws?
(They never pass along manufacturer updates for it, and you can’t find any manufacturer updates on your own for this, so that’s not an option for making it safer.)
Should I buy my own modem/router box thing — would that work, or would AT&T not allow it?
(I’ve never supplied my own modem, so I know little about the process.)
-----
If I bought a new modem thing for myself, one good thing about that is that I could also try to find one that was already patched for the separate security issue of the “KRACK” vulnerability, which my Arris modem is also subject to, since Arris hasn’t done anything about it and probably never will:
WPA2 security flaw puts almost every Wi-Fi device at risk of hijack, eavesdropping
“A security protocol at the heart of most modern Wi-Fi devices, including computers, phones, and routers, has been broken, putting almost every wireless-enabled device at risk of attack.
The bug, known as “KRACK” for Key Reinstallation Attack, exposes a fundamental flaw in WPA2, a common protocol used in securing most modern wireless networks.”
http://www.zdnet.com/article/here-is-every-patch-for-krack-wi-fi-attack-available-right-now/
Here’s every patch for KRACK Wi-Fi vulnerability available right now
“Arris: a spokesperson said the company is “committed to the security of our devices and safeguarding the millions of subscribers who use them,” and is “evaluating” its portfolio. The company did not say when it will release any patches.”
http://www.zdnet.com/article/here-is-every-patch-for-krack-wi-fi-attack-available-right-now/
--
P.T.