There is a new potential vulnerability for cable modems. I became aware of it via:
There is more information at:
And a question posted on Whirlpool at:
I'm not an expert in this space, so just posting it here so Optus gurus are alerted if they're not already engaged. I do have an Optus Netgear cable modem.
Judging by: https://www.optus.com.au/for-you/support/answer?id=5429
It does not look like Optus used those models mentioned.
That is not an exhaustive list, and they state that "the exploit is likely to work on other models as well" (which you always have to assume anyway), so I think we need an Official statement from Optus. ( 😉 @Ray_YC 😉)
Wont be long before no one is using the Optus HFC network.
Sure, but how long is that? 6 month, 12 months, who knows. I am curious to hear from them as to when they anticipate the last customer may be disconnected.
The Arris devices NBN uses are not listed, so that side is covered.
You can't assume that. Multiple manufacturers use common firmware elements.
Optus can terminate your HFC service after 90 days of the nbn going live at your address (is no 18 month wait, this is contractual).
I'm aware of that.
Seeing Optus HFC is only a very small area in major cities, id think not many left (nbn was meant to be completed this year)
Optus HFC was largely not fit for purpose for NBN which added a lot of delay in its replacement, so who know how long is still to go.
If its an exploit for the Arris devices then Telcos cannot do a thing, device is owned and managed by NBN themselves.
But as consumers our point of contact is our RSP, so it is to be expected that we go through Optus.
RSP's cannot do a thing in regards to NBN and their devices, its a take it or leave it attitude from NBN Co themselves.
They can certainly ask about potential exploits.
They also have a vested financial interest, if for example their customers get compromised and get added to botnets they could be pulling/pushing a lot more data. and potentially higher CVC fees (not to mention other network performance issues).
Their are numerous backdoors into all networking gear that the public is not aware of, everyone is snooping on each other.
Sure, put a public exploit is an entirely different beast.
Get a VPN from a legitimate VPN provider and off you go.
We are talking about a hardware exploit here, I doubt a VPN helps much in this situation.