Do cable modems have special remote diagnostics or backdoors?

Hi Everyone,

I recently had a cable internet service problem (line issues) that got me to thinking about the security of the external cable modem itself (not wireless). When I called the cable service tech support, they were able to remotely determine the modem was not online. I asked the cable repair technician if the modem has any remote diagnostics or other "backdoors" that could be remotely exploited provided my ip was known to the attacker. He said, not that he was aware of, but "They" are coming up with new attacks every day and he wouldn't be surprised if they do. While he was very helpful fixing the line problem, I doubt he has the security knowledge of you, my Wilder's Friends.

So, do some/any/all external cable modems have a special remote diagnostics mode or other backdoor (within the modem) that could be exploited remotely?

 

Possibly. I'd give the tech support for your cable ISP a call.

 

Thanks dangitall,

Good idea. I called my Cable ISP tech support and received some interesting but confusing info.

First, the tech explained that they do have a remote diagnostic utility. With the diagnostic utility, they are able to determine my (external) IP address, line quality, and apparently the IP address of the NIC connected to the modem.
I asked if it was the MAC address of the NIC. He said no it is the IP address of the NIC. I assumed this is the internal (non-routable) IP of the NIC when directly connected to the cable modem with IP 10.*.*.* (masked for security).
I explained that I was behind a router/firewall and he said that is a completely different ball game. He said that they don't provide support for routers etc. but still claimed that the NIC IP address was visible to him.
I also asked about the availability of the utility and the security protecting it.
He said it is not a commercial app. Only internal ISP employees have access to it and it is password protected. I asked if the password is in my modem, he said no it is for the utility only. I asked about disgruntled employees taking the app with them. He said employee privilege is removed before termination.

What do you think about all this?
The internal IP address of the NIC he gave (beginning with 10) did not match the internal IP address of my router or any of the router's DHCP assigned NICs (all beginning with 192). I am able (from the LAN) to successfully ping the mysterious 10.*.*.* IP address as well as the 192.*.*.* router address.
What could this 10.*.*.* address be?

While I'm sure the ISP has adequate security, it would probably be possible for an employee to take the utility. There may also be other cable modem remote diagnostic utilities available, I don't know.
But let's say this (or a similar) remote diagnostic utility is in the hands of the attacker (and my IP address is already known), could this utility be useful in an attack against me?