
Beware: Cisco DPC3825 has a security problem

smithsa
I Plan to Stick Around

According to a Cisco disclosure, the DPC3825 that Rogers hands out to customers has a security problem that could allow hackers to completely take over the device. Cisco has said that they have a fix for the problem, but it must be obtained from the ISP.

 

I spoke with Rogers technical support, and they don't know about the issue and are doing nothing about it.

 

More information can be found here: http://www.routercheck.com/2014/07/17/new-cisco-vulnerability-personal-journey/

 

 



Accepted Solutions

Re: Beware: Cisco DPC3825 has a security problem

Rogers_Chris
Social Media Specialist

Hi folks,

 

We’ve confirmed with Cisco that our devices and firmware are not impacted by this issue.

 

Hope that clears up any concerns!

 

 

@Rogers_Chris


19 REPLIES

Re: Beware: Cisco DPC3825 has a security problem

Does anybody know if/when Rogers will be updating their routers, per the Cisco vulnerability (http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ciscosa-20140716-cm) announced this week? And, anybody know where in the management web server I can confirm that the update has been applied? Thanks!

Re: Beware: Cisco DPC3825 has a security problem

Gdkitty
Resident Expert
I 210% agree that Rogers does need to look into it.
Problem is they also need to test the fix to make sure it's stable on their network, etc.

Anyone renting, I would suggest going in and exchanging it for one of the other models for the time being.

Re: Beware: Cisco DPC3825 has a security problem

smithsa
I Plan to Stick Around

Sorry, I didn't see your post yesterday when I made my own about this topic.

 

I'm sorry to say that the news is not good. You can read about my experience dealing with this problem here: http://www.routercheck.com/2014/07/17/new-cisco-vulnerability-personal-journey/

 

Rogers did not want to acknowledge any issue, and told me that if the information doesn't come from them, then "don't believe what you read". Apparently, Cisco is not a reliable source for information about their own products.

 

I did some more research today by calling Cisco, and summarized the current situation here: http://www.routercheck.com/2014/07/18/cisco-dpc3825-day-2/ I actually made another post to this forum with a pointer to that blog post earlier today. The post here seems to be missing in action, I guess if you say anything that is critical of Rogers you get censored. Not cool. Not cool at all!

 

To find out your firmware version, log in to the device and go to Status/Gateway. My current version is dpc3825-v302r125572-131113a-ROG, which appears to be from November 2013.

 

Not sure of what to do from here. If you're concerned, I'd appreciate if you could share my blog posts detailing the current situation on Facebook and Twitter. The more people who know about this problem, the better.

Re: Beware: Cisco DPC3825 has a security problem

techguy001
I'm a Reliable Contributor

All the more reason to run these devices in bridge mode and use your own private router.   

Re: Beware: Cisco DPC3825 has a security problem

smithsa
I Plan to Stick Around

The Cisco Security Advisory clearly says:

 

This vulnerability exists whether the device is configured in Router mode or Gateway mode.


So the problem will still exist whether or not you're in bridge mode. If you use your own private router, at least you're putting a firewall between you and the modem. However, the modem can still be taken over completely by the bad guys. If they do that, then your connection to the internet is at the mercy of very evil people. This is in stark contrast to the current situation where your connection to the internet is at the mercy of Rogers.

Re: Beware: Cisco DPC3825 has a security problem

techguy001
I'm a Reliable Contributor

I must have missed that in the message so it is worse than it seems. 

 

My comment about bridge mode is about more than just a problem like this; it is also that in gateway mode, in addition to the vulnerability just mentioned, the unit can easily be returned to factory defaults where the userid and passwords are publicly known. While it hasn't happened with more recent devices, I saw this happen once on the older SMC models when, on receiving a firmware update, the unit got reset back to factory defaults. I also have never liked the idea that an entire support organization like Rogers, being quite large, can have remote access into my home network and possibly reset my device and open up and see the internal side of the network in the process. I realize many people want that and need that type of support, but I'm more cautious than this and don't want anyone from the outside being able to get in easily.

 

Private routers can have vulnerabilities as well, so it's still important to choose models carefully and make sure updates are installed on any technology as weaknesses get exposed.  

 

 

Re: Beware: Cisco DPC3825 has a security problem

smithsa
I Plan to Stick Around

I'm really not sure what the holdup is, but here's the latest status:

 

http://www.routercheck.com/2014/07/20/rogers-dpc3825-still-dont-get/

 

There was a ticket open to investigate what's going on. Not sure if that's meaningful though.

Re: Beware: Cisco DPC3825 has a security problem


@smithsa wrote:

I'm really not sure what the holdup is, but here's the latest status:

 

http://www.routercheck.com/2014/07/20/rogers-dpc3825-still-dont-get/

 

There was a ticket open to investigate what's going on. Not sure if that's meaningful though.


This is your typical 'it-is-impossible-to-reach-the-relevant-people-at-Rogers' problem. Call centers are trained to answer a specific set of problems, and this is clearly far outside their training... and I think it is very difficult, if not impossible, to get them to escalate a broad technical issue of this sort. The company is just not structured that way.

 

Have other cable operators already deployed the fix?

Re: Beware: Cisco DPC3825 has a security problem

smithsa
I Plan to Stick Around

I recognize that I'm dealing with something that's WAYYYY outside of the typical phone person's expertise, and that's okay. What's not okay is when I get to higher level technical people, and they still don't get it. I feel like I'm being treated like some kind of whacko who believes every crazy conspiracy on the internet. I've tried to direct them to very credible information like the actual Cisco advisory, but still can't get through to them. I'm not sure what it will take. I've even tried the opposite approach and have spoken with people at Cisco to see if they can get Rogers to understand what's going on, but that isn't going to work.

 

As for other ISPs, I have seen this:

 

http://forums.cox.com/forum_home/internet_forum/f/5/t/5699.aspx

 

It looks like Cox, a major American ISP supports 2 of the affected Cisco devices and has also not fixed anything. What really bothers me is that someone wrote on the Cox forum:

 

"And I still think all these exploits might account for some of the unusual overages seen on the bandwidth meter cap. It's the elephant in the room no one is talking about."

 

Hmmmmm......

Re: Beware: Cisco DPC3825 has a security problem

smithsa
I Plan to Stick Around

Just noticed something very interesting. There was another thread on here talking about the DPC3825 problem that has disappeared. That's the second DPC3825 thread that has disappeared in the last few days.

 

Ignoring us is one thing. Censoring is another. Come on guys, don't do this. It's not like there's no way for us to archive this information. And it's also not like there's no other way we have to disseminate the information.

 

Not cool. Not cool at all.

Re: Beware: Cisco DPC3825 has a security problem


@smithsa wrote:

I recognize that I'm dealing with something that's WAYYYY outside of the typical phone person's expertise, and that's okay. What's not okay is when I get to higher level technical people, and they still don't get it. I feel like I'm being treated like some kind of whacko who believes every crazy conspiracy on the internet. I've tried to direct them to very credible information like the actual Cisco advisory, but still can't get through to them. I'm not sure what it will take. I've even tried the opposite approach and have spoken with people at Cisco to see if they can get Rogers to understand what's going on, but that isn't going to work.

 

Hmmmmm......


You're not dealing with "higher level technical people", you're dealing with "higher level" call centre/support people. Those people are quite possibly thousands of kilometers away from the real technical people in the engineering department.

 

Honestly, I think you're waging a hopeless fight. This company, like many (most?) others, is set up in such a way as to make sure (residential, at least) customers never wander outside the sales/support/retention/etc departments filled with people with 'soft' skills (at least in theory). A customer with some great big idea, or a customer who brings up a problem that is bigger than his/her own account, etc. will never get anywhere with these bureaucracies.

 

So, I think you have three options:

1) Do nothing. I'm guessing Cisco/Rogers/etc will eventually do something, once the fixed firmware has gone through testing...

2) If you want to try something radical, go on LinkedIn, and try finding someone outside the support hierarchy that might look like their job description involves overseeing engineering...

3) Switch to a provider that has real technical people hanging out on forums, if such a provider exists...

... or swap your modem for a CGN3?

Re: Beware: Cisco DPC3825 has a security problem

smithsa
I Plan to Stick Around

I realize that I'm not dealing with engineers and it's a bit of a hopeless fight. But there are still good reasons for addressing it. Let's look at where we are:

 

The vulnerability is really bad. It can easily be exploited over the network with no authentication and it allows someone to completely take over the device. You cannot get worse than that! There is code that is known to exist that exploits the vulnerability. It's easy to find blocks of IP addresses that are used by Rogers customers. All that's missing in this perfect storm that's brewing for a major problem to occur is the criminals who want to take advantage of it all.

 

Awwww, but that stuff could never happen. No?? How about this:

 

http://www.routercheck.com/2014/03/11/massive-attack-targets-asian-routers/

 

or this

 

http://www.routercheck.com/2014/02/11/cybercrime-directed-at-polish-banks/

 

or this

 

http://www.routercheck.com/2012/10/02/4-5m-brazilians-had-their-routers-hacked/

 

Yeah, it is happening, and hundreds of thousands of people are affected because of vulnerable networking equipment.

Cisco does have a fix for the problem, but we don't know what Rogers is doing about it. Are they testing it? Are they dragging their feet? Will we see the fix next week? Next month? Who knows - this is no time to be silent. Thousands of customers are being put in harm's way, and they don't even know it.

Re: Beware: Cisco DPC3825 has a security problem

Unfortunately this isn't the best place for it.. as this is a user to user forum.. none of us are Rogers employees 😞

Try letting them know via Facebook/Twitter, where you're directly posting to a Rogers person/group.

 

(As for the possible removal of posts, etc... one thing that I can think of, depending on the links which were posted for it.. would be that IF there was anything in there possibly on HOW the exploit was/is done... they would want to remove it, so that someone else finding the thread can't go and then use that to break into another Cisco user's unit, etc)

Re: Beware: Cisco DPC3825 has a security problem

smithsa
I Plan to Stick Around

I'm not really expecting Rogers employees to be looking here. I'm doing this so that other customers who are affected know what's happening and can possibly act and spread the word.

 

I've gone through every Rogers channel that I can - phone, FB, Twitter. It's still unclear whether they're aware that this is a real problem and not a hoax. Coincidentally, this morning I had some correspondence with the guy who actually found the vulnerability. It's really not a hoax.

 

Currently also exploring other channels to get the information out.

 

And no, I'm not posting information on how to take advantage of this. But the reality is, there aren't too many things that you'd need to know, and they aren't too hard to find.

Re: Beware: Cisco DPC3825 has a security problem

LYuan
I Plan to Stick Around

Hey, quick question to everyone with the affected Cisco device(s) - Do you guys own the modem, or are you guys renting from Rogers? If you are renting, would you consider just trading the device in to the CGN2 or upgrading to the CGN3?

Knowing Rogers, I can see them not willing to spend resources on updating the Cisco, since they don't really offer them in any official capacity anymore (I know that they actually do, but they are trying to get rid of them slowly); they want everyone to get onto their newer devices.

 

Granted, all the newer devices have their share of issues as well, but at the moment, I've seen nothing without a reasonable (time, money, etc) workaround.

 

L.

Re: Beware: Cisco DPC3825 has a security problem

LYuan
I Plan to Stick Around
smithsa, when I was dealing with an issue with the CGN3 awhile back, I had unbelievable difficulty with Rogers; everything from borderline abusive attitude from live-chat reps all the way to completely uneducated first and second level support reps on the phone, to people who would blindly deny the existence of any problem whatsoever. I couldn't get anything done until I talked to the Customer Advocacy Team (CAT). As soon as that happened, I was able to talk to someone who actually listened to me and actually was able to use the troubleshooting method and results I provided to them as a basis of getting my issue recognized. From there, it took many weeks of waiting, but it paid off.

Surprisingly the second best avenue of support (at least when it comes to the right attitude and professionalism in response) was their Twitter. I suppose that makes sense, as everything is laid out for the world to see. I would get a response within 24 hours. Though the response rarely resulted in a solution, they were able to put me in touch with the right people.

Hope this helps, and good luck with everything!

Re: Beware: Cisco DPC3825 has a security problem

smithsa
I Plan to Stick Around

LYuan,

 

I have been using Twitter: @RogersHelps as well as #rogers. Should I be using anything else? So far, nothing.

 

How do I get to the Customer Advocacy Team (CAT)?

Re: Beware: Cisco DPC3825 has a security problem

VivienM
I'm an Advisor

@LYuan wrote:

Hey, quick question to everyone with the affected Cisco device(s) - Do you guys own the modem, or are you guys renting from Rogers? If you are renting, would you consider just trading the device in to the CGN2 or upgrading to the CGN3?

Knowing Rogers, I can see them not willing to spend resources on updating the Cisco, since they don't really offer them in any official capacity anymore (I know that they actually do, but they are trying to get rid of them slowly); they want everyone to get onto their newer devices.

 


I don't think a reasonable person should exchange the DPC3825 for the CGN2, at least if you use it as a router. From my admittedly-limited experience, the CGN2 is very moody as a NAT router, the Cisco seems solid. (Wi-Fi is a different story) In bridge mode, either seems fine...

 

Rogers is still offering the DPC3825/CGN2 quite extensively: they are the standard modem for the 10 and 30 megabit plans, which are what most 'normal' non-techies get. And they've even quietly allowed the 'Hybrid Fibre 60' on the 8-channel modems now...

 

I'm sure this will be patched, but it will be patched at Rogers bureaucracy speed...
