Time Warner Cable's 65,000 Routers Open to Hack
Time Warner Cable has acknowledged a 'major security hole' present in up to 65,000 routers in customers homes.
Time Warner Cable today rolled out a temporary patch for a security hole discovered by blogger David Chen. While helping a friend change the Wi-Fi settings on their SMC8014 series cable modem/Wi-Fi router combo, Chen noticed that the web admin for the router simply uses a script to hide certain menu options when the user does not have admin privileges.
"By simply disabling Javascript in the browser, I was able to access all the features of the router. With that access, I am now able to change the wifi settings, port-forwarding, etc.," writes Chen.
The software engineer and founder of social communications platform start-up, Pip.io, goes on to say this opened up access to a "Back Up Configuration File." With just one click, Chen reports that a text dump of the router's configurations was saved to his desktop and in there, was the login in and password in plaintext. So that's it, right? I mean, there's nothing else, is there? Wrong. Wired reports that Chen discovered the same login details could be used to access every router in the SMC8014 series on Time Warner’s network.
"Another issue which was alarming was the fact that, by default, the web admin is accessible from ANYWHERE on the internet. By running a simple port scan of Time Warner IP addresses, I easily found dozens of these routers, open to attack."
David says he contacted TWC's security department to warn the company and was told, “We are aware of it but we cannot do anything about it."
According to CNet the company has rolled out a temporary patch and is testing a permanent fix for the problem. It's nice to see that Time Warner Cable changed its tune.
- Apple iMac Goes Core i5, i7; Mac Mini Updated
- Apple's New Mouse is Magic, Has Multitouch
- Apple's White MacBook Goes Unibody Too
- New Triple Core Athlon IIs Are Great Value CPUs
- Stewie and Brian Announce Win 7 Movie, Sort of
- Ballmer Says Obvious: SideKick Outage "Not Good"
- Google Paying for WiFi on All Virgin America Flights
- Microsoft Store Opening With Win 7, Ashley Tisdale
- Modern Warfare 2 PC: No Dedicated Servers
- Sun Microsystems Cuts 3,000 Staff Due to Delays
- ''Pipe Dreams'' Computer Desk System, $30,000
- QOTD: Will You Be Running Win 7 Tomorrow?
- If You Hate Apple and Macs, Read This
- Rambus Making Mobile Memory More Efficient
- HP Makes Affordable 21.5" Touchscreen Win 7 LCD
- Businesses Find That Win 7 Saves Time, Money
- Canesta Developing 'Project Natal Killer'For PC
- Tons Of New Win7 Launch Hardware--Roundup
SMC Networks was recently made aware of a potential vulnerability in the firmware deployed in certain versions of its cable modems deployed on the Time Warner Cable network in North America. In specific and limited instances, the firmware could potentially be exploited by hackers intending to compromise the security of a user’s Internet connection and network.
SMC Networks has moved quickly to develop new firmware that fixes the potential vulnerability and eliminates the possibility of a customer illegally accessing other users’ computers or Time Warner Cable's network. The new firmware has already been delivered to Time Warner Cable who are pushing the update to their end users’ equipment. This update is being deployed by Time Warner Cable and will require that no action be taken by the end users.
SMC Networks and Time Warner Cable take its customers’ network security concerns very seriously and apologizes for any inconvenience that has been caused by this vulnerability. It is of the utmost importance to SMC to deliver to markets products that are secure, safe and reliable.