Cox Communications Infrastructure faced an API authorization bypass shortcoming, which resulted in exposure of the business customer’s devices to potential cyber threats and attacks. This flaw was identified by Sam Curry, a freelance bug researcher. He discovered that the attack gave access to attackers for gaining permissions for easy access to data. This means that these attackers could get access to personal data, wi-fi information, connected device details, and even access to the customer’s account information. This flaw was a result of the exposure of 700 APIs with administrative functionalities.
Cox Communications acted quickly to resolve this threat to the customers only after when Sam Curry reported it on their responsible disclosure program on March 4. Then the company ensured that they left no tracks of the flaw for attackers.
Years before, Curry saw unusual behaviour on his home network, which prompted him to investigate Cox’s infrastructure further and ultimately find the API weakness. This was the beginning of Curry’s journey to find this flaw.
Cox has addressed the vulnerability, but Curry’s inquiry is still open because of the initial occurrence. This incident serves as a stark reminder of the necessity of ongoing, strong security measures in addition to careful observation in order to guard against weaknesses in digital infrastructure.
To read the complete blog, VISIT HERE.
