SecurityFocus 2004-02-05
A small and diverse band of hobbyists steeped in the obscure languages of embedded systems has released its own custom firmware for a popular brand of cable modem, along with a technique for loading it -- a development that's already made life easier for uncappers and service squatters, and threatens to topple long-held assumptions about the privacy of cable modem communications.

Digital signing and such is great, but keep two things in mind:
1. A lot of operators just don't care about digital signing (SSD, Secure Software Download), or don't know how to use it. Therefore, the modem will take anything that appears to be a valid firmware file.
2. Once you have access to the serial console (as these people apparently do), you can easily bypass the security; you have full control. If you get lucky, then the VxWorks symbol table actually contains a function that will do the download, in some cases without the security checking. If not, then you can always modify the existing one.
I work for a company that manufactures cable modems (not Motorola) and I have a fair amount of VxWorks experience, so I know the issues in the industry. I certainly don't condone what these people are doing, and I really wish that they hadn't done it. I somehow see CableLabs putting in a mandate that states that modems meant for distribution are not allowed to have any serial port capabilities at all (so, no pogo pins on the board, no solder points for pogo pins).