|
Mfg Cert from AVM compromised
|
19-11-2016, 07:18 AM
https://www.excentis.com/testing/certifi...rtificates
background story (in german): https://www.heise.de/security/meldung/En...65065.html 
19-11-2016, 10:56 PM
20-11-2016, 08:42 AM
(19-11-2016, 10:56 PM)occalifornia Wrote:(19-11-2016, 04:01 PM)Winston Wrote: Nice story, too nice actually. Why? It's happened and all MSO should revoke this Mfg Certificate immediately. The US MSO should check very fast if they CMTS software have installed the EuroDOCSIS Root Certificate and delete it. Many software releases holds both Root CA Certificates (US and EU).
21-11-2016, 03:05 AM
(20-11-2016, 08:42 AM)FallGuy Wrote:(19-11-2016, 10:56 PM)occalifornia Wrote:(19-11-2016, 04:01 PM)Winston Wrote: Nice story, too nice actually. It was a joke - hence the ASCII emoji.. 
21-11-2016, 11:48 PM
Oh yes...of course..the joke ASCII emoji vs a serious emoji...
Damn, "I could have had a V8 slap on the forehead".....
23-11-2016, 09:02 AM
Sorry for pushing this thread up but there is small update. Joel Stein will give a lightning talk at the 33C3 about the situation.
You can find his slides here: https://events.ccc.de/congress/2016/wiki...ing_DOCSIS Im curious if the old AVM CA will come into Diagnostic Images like the Self Signed Stuff from Motorola or Scientific Atlanta did at Haxorware.
Here is an update regarding the lightning talk:
https://www.youtube.com/watch?v=B5uqQL-d....be&t=3785 It's really easy to create a own Intermediate CA with this private key. Btw. during my investigations I found out that the Manufacturer Public Key is slightly to big to be handled without problems by Haxorware on the 3349 or even on a 3390 based 3.0 CM. So they will not send the Manufacturer Public Key during the BPKM handshake and the BPI process stucks. However, if I use the files on Puma based cable modems it'll work. |
|
« Next Oldest | Next Newest »
|
