Millions of Cox Modems Exposed to Remote Hacking via API Vulnerabilities

Cox Communications, a major telecommunications company, recently addressed a series of vulnerabilities that could have allowed remote hackers to take control of millions of customer modems. These vulnerabilities were discovered by Sam Curry, a renowned researcher known for identifying significant security flaws in various products, including those from Apple, Points.com, and numerous car manufacturers.

Curry's investigation into Cox modems began in 2021 after his own home modem was compromised. Although Cox replaced his modem before he could analyze it, Curry revisited the issue in early 2024. His subsequent research revealed an API vulnerability that could be exploited to bypass authorization, granting attackers the same access privileges as Cox's tech support.

This vulnerability could have enabled unauthenticated attackers to overwrite configuration settings, access routers, and execute commands on devices. According to Curry, an external attacker could have performed actions equivalent to those of an ISP support team, including accessing the personal information of business customers and modifying modem settings.

In a hypothetical attack scenario, Curry illustrated that an attacker could use the exposed API to search for a targeted Cox business user using their name, email address, phone number, or account number. The attacker could then retrieve further information from the user's account, such as Wi-Fi passwords, and execute arbitrary commands, update device settings, or take over accounts.

Curry reported the vulnerabilities to Cox on March 4, and by the following day the company had acted to prevent exploitation. Cox also informed Curry that it would conduct a thorough security review in response to his findings.

June 4, 2024