by sveiss 1417 days ago
If you’re with Comcast, then it’s very likely they do have access to the modem, even if you own it.

A cable modem is somewhat “trusted” from the perspective of the network: cable is physically a shared medium, and a malfunctioning or malicious device can disrupt service for everyone on the same physical cable segment. There’s no way for an ISP to remotely cut off a bad device.

This means cable ISPs demand tight control of the equipment connected to their network, including remote configuration and firmware updates. Comcast enforce this by limiting activation to a list of approved devices, and there’s a certificate-based scheme to try and prevent spoofing an approved device.

Historically, the cable modem also enforced download and upload speed limits as well, giving ISPs another reason to keep modems under tight control, but I don’t know if that’s still the case.

If you distrust Comcast, then you should treat your DOCSIS device as hostile even if you own it, and put it behind a router you do control instead of using a combined modem/router.

2 comments

If he only paid $100 for a modem and it was brand new, it likely wasn't an all-in-one station like what large ISPs are trying to push. Cheaper/dumber modems severely limit the amount of control Comcast have and how much they can fuck up your network with a bad update. They can't mess up your wifi settings if the box they control doesn't even have a wireless radio on it.

"Dumb" modems are a lot more reliable simply because there is nothing for them to patch inside. It doesn't have a complex OS running a wide range of services that need regular updates (managing a TV, wifi, file sharing, etc.).

> simply because there is nothing for them to patch inside

Cable ISPs still regularly push firmware to compatible modems on their network, standalone or combo modem/router, rented or owned.

If it runs on their network, they have the ability to flash it (and they do).

It's a lot less control than your wifi/router settings, obviously, but it's still a thing.

Yeah, if it’s just a modem with a separate router that’s fine, but I think you can get an entry level all in one for around $100 now?

I see at least one on Amazon, but it’s hard to tell if it’s refurbished, which most at that price point are.

And how do they do this? They have a team dedicated to hacking modems? More seriously, many cable modems have a setting "allow ISP to update settings". You can disable it and then the ISP cannot access it, full stop.

They can however very easily block it. Especially if their contract prohibits using your own modem.

Do you have an example of a cable modem that blocks remote setting updates?

Both remote configuration and remote software updates are MUSTs in the DOCSIS spec[1], and my understanding is that the information in the configuration file is technically required for the modem to communicate with the headend for anything more than bootstrapping. There’s no way to turn this off and have a functioning modem.

CableLabs enforces adherence to the DOCSIS spec, and there’s a certificate scheme that ensures that only certified devices gain access to the network, so I don’t see how a non-compliant device that allows users to block updates completely could ever be used with most ISPs. (I’m ignoring the possibility of extracting a valid certificate from a compliant device, of course—I’m talking about buying a non-compliant device off the shelf.)

There’s another configuration protocol, TR-069[2] which is more concerned with configuring the Wi-Fi side, and this is usually under user control in user-owned devices. This might be what you’re thinking of?

For ISP-owned DOCSIS devices, even if the user switches TR-069 off, it could potentially be silently re-enabled by a remote software update.

[1] https://www.cablelabs.com/wp-content/uploads/2015/08/CM-SP-O... (section 8.2.2 and 8.2.3)

[2] https://en.m.wikipedia.org/wiki/TR-069

Yes, sorry, I was talking about TR-069.

I meant the Wi-Fi settings and I made the same error as most: I wrote "modem" and meant "Wi-Fi router with built in modem".

Bottom line is, we agree, ISPs can be blocked from changing *WiFi* settings.