November Linux Security Lab Hacks DOCSIS 2.0/3.0

Benjamin Francom bfrancom at gmail.com
Fri Oct 29 10:50:13 MST 2010 

Related article:

http://boston.fbi.gov/dojpressrel/pressrel09/bs110209.htm

>From the article:
The guy started a company that sold & promoted tools to hack modems,
and was was "charged in a six-count Indictment with conspiracy,
computer intrusion, and wire fraud.
According to the Indictment, from 2003 through 2009, TCNISO, under
HARRIS’s direction, developed and distributed hardware and software
tools that allowed its customers to modify their cable modems so that
they could disguise themselves as legitimate, paying subscribers in
order to access internet service providers’ networks without
authorization and get premium high-speed access without paying for it.
The Indictment also charges that TCNISO and HARRIS offered ongoing
customer support, primarily through forums that it hosted on the
TCNISO website, to assist customers in their cable modem hacking
activities."

If a tool gives you the ability to commit a crime, does distributing
said tools make you an alleged criminal?  Shouldn't the customers be
the ones the feds should go after since they are *applying* the hacks
and connecting to the ISP (regardless of how the tools are marketed)?

JTAG adapters and Linux aren't specific to cable modems, but can be
leveraged to gain unauthorized access to greater bandwidth.  If this
guy sold similar tools as security tools as way to learn about DOCSIS,
would he still have been indicted?    Shouldn't the ISP be able to
control/throttle from their CO/side?

Similarly, if I found a way to reprogram a smartphone to achieve
greater (GSM) bandwidth, would that be criminal?  Even if I just
distributed the tools for research? Say something like disabling the
bluetooth radio and increasing power to the GSM radio. (Just an idea,
I doubt that would do anything...Or if its even if its possible.  I'm
no a radio or legal expert)

At what point is it criminal? If you get > .01% increase in speed?  It
must be in the EULA somewhere I'm sure.

Are these some of the legal issues that will be covered during the meeting?

(I do not condone stealing bandwidth, far from it actually.  I am just
interested in the subject.)

Fascinating stuff!!!
-Ben


On Wed, Oct 27, 2010 at 12:43 PM, Lisa Kachold <lisakachold at obnosis.com> wrote:
> NOVEMBER 6, [On Honor of Day of the Dead], we will be hacking DOCSIS.
>
> Bring your cable modems (and corresponding firmware [see reference list
> below] or just come to watch us build a Linux cable modem test distro right
> on a Motorola SB5101!
>
> NOTE:
> I only have 1 JTAG programming adapter, which is not USB (slow) so be sure
> to bring any programming adapter equipment that you might  have. [USB
> Available on EBAY for $30.00 or so..]
>
> We will follow up  this hackfest on the following Tuesday PLUG Security Team
> Discussion at JCL Cowden Center with a deeper analysis and evaluation of the
> diagnostic device we created out of the Motorola SB5101 at Gangplankhq.com
> to include current Cox equipment utilizations for DOCSIS standards 2.0 and
> 3.0 (channel bonding), speeds, and security that effects us all, however
> hidden behind a management interface for a cable modem, that we purchased,
> but for which we do not have password or general access....(scratch
> head.....wait, where is the ownership??).
>
> This is a great opportunity to learn about telecommunications (TDM, TCM)
> standards for DSL, telecommunications legalities verses internet data laws,
> privacy the FCC way, and your legal rights with regards to equipment you
> own, and finally the Cox Cable Acceptable Use Agreement.
>
> It's all just a wonderful excuse to hack a perfectly useless (hobbled and
> crippled by design)  DSL "modem" with a sweet little Linux stack firmware
> that morphs it into a nice "router" that can blow the top off all previous
> conceived network performance.
>
> DOCSIS 2.0  HOW FAST....??? We will let you know after our build at
> Gangplankhq.com on Saturday November 6, 2010 Noon to 3PM.
> DOCSIS 3.0  4 down 3 up bonded channels which equates to:  160 MB down; 120
> up (see Broadcom and TI Competition for these chips/modems (on Linux Open
> Source)
>
> Motorola's  SBG6580 3.0 has both a serial port and a USB port, but removed
> from shelves due to firmware bugs.
>
> Finally, we will demonstrate how to return the Motorola to it's former state
> in order to sell it on Ebay, Craigslist, or return it to Fry's Electronics
> </joke>.
>
> References:
> DefCon 18 Video Presentation:
> http://www.youtube.com/watch?v=jBieFU2dkDA&feature=player_embedded#at=16
> --
> Skype: 6022393392
> ATT:     5037544452
> GV:      6236883392
>
> http://www.it-clowns.com
>
> I am free because I know that I alone am morally responsible for everything
> I do. -Heinlein
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>



-- 
Benjamin Francom
Information Technology Executive
http://www.benjaminfran.com

More information about the PLUG-discuss mailing list