Netgate Discussion Forum

Compromised Modems

General pfSense Questions
  • I
    ibby1570
    last edited by Jul 7, 2017, 7:46 AM

    I was just reading a news story about how hackers have found an exploit in the firmware of a modem manufacturer.

    How would pfSense protect against a compromised modem since there is no way to put a firewall before the modem?

    • D
      Derelict LAYER 8 Netgate
      last edited by Jul 7, 2017, 8:01 AM

      Well, it would still protect against unsolicited connections into WAN but it cannot protect what's outside of it.

      Still better than having a compromised modem that is also your firewall/router.

      Anything an ISP modem can see should be considered to be out on an untrusted network. As long as you're protecting data using encryption/authentication it doesn't really matter if the compromise is one link out or somewhere else out in the ISP's gear.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      • J
        jack290
        last edited by Jul 7, 2017, 4:05 PM

        I think this depends to some extent on how you use the modem.

        If the modem initiates a PPP connection back to the ISP and you then forward all inbound WAN traffic to a PFS firewall / router then the modem probably gets a web facing address and is visible to the hackers.

        If the modem is in some form of transparent bridge mode (many but not all bridge/routers can do this, including DSL connection types) and the PPP connection to the ISP is initiated by the PFS firewall/router then the modem will not get a web address so should be invisible from the web. The "web facing" address will now be the WAN port on the PFS firewall and a hacker is faced with hacking PFS, not the modem.

        If this is incorrect please can someone explain further?

        J.

        • F
          FranciscoFranco
          last edited by Jul 10, 2017, 3:36 PM

          I have not read about this exploit but I know that most cellular modem modules use a CPU just like you would find in a mobile phone. These modules' firmware can be updated 'over the air' by the carrier. These modules also contain a GPS device which can piggyback off the cellular antennas. So truly a Black Box if ever there was one. An embedded computer on a stick.

          In my mind the addition of GPS makes these worse than an ISP modem if only for locational data.

          On ATT Mobile I see twice as many port scans than I do with my home ISP. So somebody is looking. Maybe an easy attack surface.

          • C
            chpalmer
            last edited by Jul 11, 2017, 3:26 AM

            @ibby1570:

            I was just reading a news story about how hackers have found an exploit in the firmware of a modem manufacturer.

            How would pfSense protect against a compromised modem since there is no way to put a firewall before the modem?

            Are you talking about the Puma 6 models?

            Triggering snowflakes one by one..
            Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.
