Sister CISA CISSP

Oct 21 2009   6:52PM GMT

Using Time-Warner as Your Internet Provider? Check Your Modem QUICKLY



Posted by: Arian Eigen Heald
Tags:
Data Breaches
data security
information security
Stupid Technology
Tearing My Hair Out
Wireless

As lf 10/20/09, a software maven has written of a major security hole (one you can drive a TRUCK through) in the wifi/cable modem models issued to customers who don’t want to use their own equipment.

Here’s the link, in all its’ details, by David Chen, writing up the vulnerability, which HAS been confirmed by Time-Warner. As of this writing, Time-Warner has no plans to change or resolve the vulnerability.

Here’s the quick version:

The modem: SMC8014 series cable modem/wifi router combination

Issue 1 : Time-Warner/SMC has the modem locked down in a default mode which is not accessible to the average user. The default configuration has a default username/password and has locked WEP as the wifi encryption with a standard SSID. (You might as well make the SSID: HACK_ME_I’M_EASY)

Issue 2: Admin access to the modem is disabled via Javascript. When David Chen disabled Javascript in his browser, he could see all the admin features, including something called “Backup Configuration File.”

Issue 3: The backup configuration file comes in a plain text file, which includes the admin ID and password. In plain text.

Issue 4: By default, the web admin interface is accessible from ANYWHERE on the internet. By running a simple port scan of Time Warner IP addresses, David Chen easily found dozens of these routers, open to attack.

So you KNOW that this since this has been picked up by Wired every knucklehead out there will be looking for these routers to play with.

The resolution to this mind-boggling issue that Time-Warner says they can’t do anything about?

Replace the modem – ASAP. And, complain, complain, complain.

1  Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • AdamWood
    SMC Networks was recently made aware of a potential vulnerability in the firmware deployed in certain versions of its cable modems deployed on the Time Warner Cable network in North America.  In specific and limited instances, the firmware could potentially be exploited by hackers intending to compromise the security of a user’s Internet connection and network.   SMC Networks has moved quickly to develop new firmware that fixes the potential vulnerability and eliminates the possibility of a customer illegally accessing other users’ computers or Time Warner Cable's network.  The new firmware has already been delivered to Time Warner Cable who are updating their end users’ equipment. This update will require that no action be taken by the end users.   SMC Networks take its customers’ network security concerns very seriously and apologizes for any inconvenience that has been caused by this vulnerability.  It is of the utmost importance to SMC to deliver to markets products that are secure, safe and reliable.
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: