Who and how can update cable modem's firmware?


38 replies to this topic

#1 Gramek

Posted 09 January 2017 - 06:31 PM

This might sound like a stupid question, but I need to know: can only my ISP update the firmware of my cable modem? Or can I do it? And if yes, should I?

 

I have a vague memory of once updating something using my PC after AVAST gave a false alert about the network being compromised (it was later solved as their screw-up).

I cannot remember what I updated, just tinkering in a panic and updating something from the PC that I have not found again later.

1) So I need to know - is it possible to update the modem firmware myself? And could I ruin something about the modem from the PC side?

 

My cable modem is Scientific Atlanta 2203.

 

 

 

2) I am not sure if I updated the firmware once in the past or not, but if I messed something up back then, the modem would simply not work right now?

I mean, if I have done any damage to it by installing anything, it wouldn't be hiding some security risk? Like, is there any method to check if the modem is working properly and not being a security risk? Connection and speed seem to be working just fine. I simply don't know enough about modems to be sure if there are no security risks.


Edited by Gramek, 09 January 2017 - 06:40 PM.



#2 jburd1800

Posted 09 January 2017 - 06:48 PM

Not sure if it matters, but do you own the modem or rent it?

“May the sun bring you new energy by day, may the moon softly restore you by night, may the rain wash away your worries, may the breeze blow new strength into your being, may you walk gently through the world and know its beauty all the days of your life.”


#3 shadow_647

Posted 09 January 2017 - 06:48 PM

Best I can tell, the ISP has a remote admin access backdoor to that device for that topic and maybe for all router topics, not my style of hardware.

Myself, if it were my network I would replace the hardware; I know my ISP is the same way with their in-house networking hardware they like to set people up with.

Myself, I got all my own hardware on this topic; I'll pass on backdoors in my networking hardware.

I don't like backdoors in hardware, and myself I would only use my own networking hardware and send the ISP in question, if they said anything to my face about it, a big FU.

 

https://www.timewarnercable.com/content/dam/residential/images/support/faqs/Internet/cable-modems/Internet%20Cable%20Modems/SA_DPC-EPC2203_UserGuide.pdf


Edited by shadow_647, 09 January 2017 - 06:53 PM.


#4 Trikein

Posted 09 January 2017 - 09:50 PM

The DPC2203 is a DOCSIS 2.0 MTA, or modem with phone adapter built in, with 2 lines. See here for specs. What you may have seen is a webpage that uses a script to exploit an HTTP bug in the modem's webserver that allows a website to send commands (mainly reset) to your modem. See more info here. This can be done through malware or, more simply, scareware. The firmware itself is not touched, and can only be updated by the ISP. I have heard of smaller ISPs not blocking telnet and some people being able to force certain firmware, but that is very technically difficult and problematic. I would not suggest it. The firmware has to be confirmed to work with the ISP and tested for your local area. If not, it can brick the modem. Did you need a firmware update for a particular reason?



#5 shadow_647

Posted 09 January 2017 - 10:06 PM

Good info, now I really don't like that cable router/modem.



#6 Trikein

Posted 09 January 2017 - 10:28 PM

If it means anything, many other modems, up to the most recent DOCSIS 3.1 CM1000, have similar exploits. Netgear modems are ahead of the curve because they hide many functions behind a user login, but since most use default passwords, it only helps so much. Firmware updates don't really fix the security vulnerability, they just remove the reset function altogether, removing the exploit's claws to do anything, since everything else on the modem is read only. So OP can ask for a firmware update, just be ready for it to remove the reset function. A better fix would be an ad-block and proper AV protection on the PC to stop the rogue HTML to begin with.


Edited by Trikein, 09 January 2017 - 10:30 PM.
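An added example, not part of any post in this thread: one way to spot the behaviour described above, where a page on an outside website makes the browser send a request to a device on the local network, by scanning a browser or proxy request log. The log format, the 192.168.100.1 address and the `.example` paths are constructed placeholders, not values taken from the modem or the thread.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample log (not from the thread): "<time> <method> <url> <referer>".
# 192.168.100.1 and the *.example paths are assumed placeholders.
SAMPLE_LOG = """\
10:01:07 GET http://192.168.100.1/status.example -
10:02:15 GET http://news.example/story.html http://search.example/
10:02:16 POST http://192.168.100.1/reset.example http://ads.example/banner.html
10:05:40 GET http://192.168.100.1/reset.example http://192.168.100.1/status.example
10:09:02 GET http://10.0.0.5/printer http://news.example/story.html
"""

def is_private_host(host):
    """True when host is a literal private or loopback IP address."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a DNS name, not an IP literal
    return ip.is_private or ip.is_loopback

def find_cross_site_lan_requests(log_text):
    """Return (time, target_url, referer) for LAN requests started by an outside page."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        time, _method, url, referer = parts
        target = urlsplit(url).hostname or ""
        if not is_private_host(target):
            continue  # request did not go to a LAN device
        if referer == "-":
            continue  # typed or bookmarked, no originating page
        origin = urlsplit(referer).hostname or ""
        if not is_private_host(origin):
            hits.append((time, url, referer))  # outside page -> LAN device
    return hits

if __name__ == "__main__":
    for hit in find_cross_site_lan_requests(SAMPLE_LOG):
        print(*hit)
```

Referer headers can be stripped and a hostname can resolve to a private address, so an empty result does not prove that no such request happened.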


#7 shadow_647

Posted 09 January 2017 - 10:45 PM

Ya, I know of that hack if we're talking/thinking about the same thing, watched more than one defcon hacker conference video on the topic, btw my admin password is massive on my router.

Speaking of that, I'm thinking of doing something like this to my router.

 

http://www.polarcloud.com/tomato

 

defcon hacker conference video on the topic of router hacking.

 

https://www.youtube.com/results?search_query=defcon+router+



#8 Gramek

Posted 10 January 2017 - 07:12 AM

Not sure if it matters, but do you own the modem or rent it?

 

Rent it.

 

 

The DPC2203 is a DOCSIS 2.0 MTA, or modem with phone adapter built in, with 2 lines. See here for specs. What you may have seen is a webpage that uses a script to exploit an HTTP bug in the modem's webserver that allows a website to send commands (mainly reset) to your modem. See more info here. This can be done through malware or, more simply, scareware. The firmware itself is not touched, and can only be updated by the ISP. I have heard of smaller ISPs not blocking telnet and some people being able to force certain firmware, but that is very technically difficult and problematic. I would not suggest it. The firmware has to be confirmed to work with the ISP and tested for your local area. If not, it can brick the modem. Did you need a firmware update for a particular reason?

 

It says under the modem it is actually EPC2203 if that means anything. It looks like this

Spoiler

 

That article says "March 2016". That AVAST false alert that sent me trying to find firmware updates and something I did, but can't remember what exactly was before that.

 

I do need to ask for clarification about the HTTP bug in the modem's webserver that allows a website to send commands (mainly reset) to the modem - what does it mean for an average user like me? Is my modem compromised, allowing spying on me or a hacking door to my computer?

 

Don't really need firmware for anything specific, just heard it should be updated but if it is out of my hands I won't touch it.

 

Is there any way to check if my modem is working well and is not compromised?


Edited by Gramek, 10 January 2017 - 07:13 AM.


#9 shadow_647

Posted 10 January 2017 - 11:10 AM

If you rent it, chances are it's only the ISP that has control over it and you're not allowed to touch it.

I know my ISP, with the networking trash they wanted to sell me, it would have given them the ability to do whatever they want to my networking hardware anytime they want; more than that, don't know what to say.

 

Did they even give you a user name and password to log in to the router at your end ?



#10 Trikein

Posted 10 January 2017 - 02:33 PM

Your modem wasn't compromised. If you have no negative symptoms just ignore it. If you're concerned, call your ISP and ask if you are running the latest firmware to stop the "inconvenience" from happening again. If so, you are all set. Nothing you can do or should do except make sure your computer is secure by making sure it has the latest Microsoft updates, a good Antivirus and an up-to-date browser with a script/ad blocker to stop websites from trying to exploit ANY code, your modem included.

 

PS. DPC vs EPC is just DOCSIS vs EuroDOCSIS. I assume you live in Europe? 


Edited by Trikein, 10 January 2017 - 02:36 PM.


#11 Gramek

Posted 10 January 2017 - 02:35 PM

If you rent it, chances are it's only the ISP that has control over it and you're not allowed to touch it.

I know my ISP, with the networking trash they wanted to sell me, it would have given them the ability to do whatever they want to my networking hardware anytime they want; more than that, don't know what to say.

 

Did they even give you a user name and password to log in to the router at your end ?

 

Modem, no router. Now that you ask, I don't remember receiving anything at all... Unless those are public and same for every modem of this type?


Your modem wasn't compromised. If you have no negative symptoms just ignore it. If you're concerned, call your ISP and ask if you are running the latest firmware. If so, you are all set. Nothing you can do or should do except make sure your computer is secure.

 

PS. DPC vs EPC is just DOCSIS vs EuroDOCSIS. I assume you live in Europe? 

 

Thank you!

Yes, I live in Europe. So that's what it means... thank you for explaining it to an amateur! :D



#12 Trikein

Posted 10 January 2017 - 02:51 PM

I try to explain it to people by comparing it to a calculator. You or someone else can press a wrong button on a calculator to mess up the process of what you are doing, but there is nothing you can press or do to a calculator to really "break" it. Also, there is no way to hide anything you are doing. The worst you can do is tell it to reboot and delete everything in temporary memory, which just means you have to start whatever you were doing over again. So as long as you're not seeing your modem randomly reboot, what you saw before was scareware using scare tactics to try to get you to do something or buy something you shouldn't. It's the malware equivalent of flipping a calculator upside down to get it to write boobs. :lmao:

 

PS. If someone had a router or gateway (anything with more than 1 LAN port) and was getting that warning, then that would be a very different story. Modems are dumb and read only; routers and gateways DO hold private info and are more susceptible to attack. A modem is a calculator while a router is like a tablet.


Edited by Trikein, 10 January 2017 - 02:55 PM.


#13 Gramek

Posted 10 January 2017 - 03:05 PM

I try to explain it to people by comparing it to a calculator. You or someone else can press a wrong button on a calculator to mess up the process of what you are doing, but there is nothing you can press or do to a calculator to really "break" it. Also, there is no way to hide anything you are doing. The worst you can do is tell it to reboot and delete everything in temporary memory, which just means you have to start whatever you were doing over again. So as long as you're not seeing your modem randomly reboot, what you saw before was scareware using scare tactics to try to get you to do something or buy something you shouldn't. It's the malware equivalent of flipping a calculator upside down to get it to write boobs. :lmao:

 

PS. If someone had a router or gateway (anything with more than 1 LAN port) and was getting that warning, then that would be a very different story. Modems are dumb and read only; routers and gateways DO hold private info and are more susceptible to attack. A modem is a calculator while a router is like a tablet.

 

Ooooh! So unless the modem decides to restart, nothing to worry about? Lights can blink however they want, but as long as it works, it is safe to use?

You should be a teacher, this metaphor with the calculator explained things a lot faster than anything my school teachers could come up with. :D


Edited by Gramek, 10 January 2017 - 03:06 PM.


#14 Gramek

Posted 10 January 2017 - 03:12 PM

Your modem wasn't compromised. If you have no negative symptoms just ignore it. If you're concerned, call your ISP and ask if you are running the latest firmware to stop the "inconvenience" from happening again. If so, you are all set. Nothing you can do or should do except make sure your computer is secure by making sure it has the latest Microsoft updates, a good Antivirus and an up-to-date browser with a script/ad blocker to stop websites from trying to exploit ANY code, your modem included.

 

PS. DPC vs EPC is just DOCSIS vs EuroDOCSIS. I assume you live in Europe? 

 

I have to ask one thing more, sorry!

The ISP could install firmware from their side no matter if I run Windows or Mac, right? Whatever is attached to the modem would not affect the ISP's work?



#15 Trikein

Posted 10 January 2017 - 03:41 PM

"but as long as it works, it is safe to use?"

 

Correct. Not to say that you should ignore the warning if you keep getting it. If every time you go to a website you are getting a warning that something has infected your modem, then your computer is vulnerable to that trick, even if the trick isn't very dangerous.

 

"ISP could install firmware from their side no matter if I run Windows or Mac, right?"

 

Your operating system has no relationship to how the ISP upgrades the firmware of the modem. You don't even need a computer connected to the modem for them to upgrade it. Most ISPs upgrade the firmware via TFTP through the coaxial/cable wire, so as long as the modem has power and a working cable signal going to it, the ISP can access it by its private IP on their (ISP) network. Most ISPs will release firmware updates in an area, which will force the modem to update during one of the maintenance schedules, which is usually 1-3AM. Since your modem's firmware update has been out for almost 10 months, it's possible you already have it.

 

To check which firmware you are running, try the process shown on this page and then go to the DHCP tab and look for the "Software File Name" as shown in picture below:

 

scientific_atlanta_dhcp.jpg





