October 22, 2009, 10:15AM

Time Warner Router Flaw Exposes Customers

Follow @DennisF

There's a rudimentary vulnerability in a cable modem/wireless router installed in tens of thousands of homes by Time Warner that could enable an attacker to get full access to the router quite easily. The vulnerability, which was discovered and disclosed recently by a blogger named David Chen, is in the SMC8014 series of cable modems, which Time Warner installs in some of its cable customers' homes. The flaw lies in the way that the modem and router is configured. As Chen was trying to help a friend reconfigure his modem, he noticed that the admin interface was protected by nothing more than a piece of JavaScript code. By disabling JavaScript in his browser, Chen was able to access the admin features and take complete control of the modem.

Chen found that this also could be done remotely, thanks to a feature that enables admin access from any Internet-connected machine.

Now you can now put two and two together and realize that this has opened a gaping hole on every single Time Warner customer’s network that uses the SMC8014. By forcing the customers to use only WEP encryption on their wifi network, they are allowing anyone to penetrate the network with ease. Also by using a fixed format for the SSID, it’s extremely easily tell which wifi network is using the device. Once inside, anyone can access the router’s web interface and login with the admin account. What makes this even scarier, is the fact that the web interface is accessible from anywhere. From within your own network, an intruder can eavesdrop on sensitive data being sent over the internet and even worse, they can manipulate the DNS address to point trusted sites to malicious servers to perform man-in-the-middle attacks. Someone skilled enough can possibly even modify and install a new firmware onto the router, which can then automatically scan and infect other routers automatically.

Chen said he contacted Time Warner officials about the vulnerability and was told that the company knew about the problem but was unable to do anything about it. Kim Zetter of Wired's Threat Level blog reports that Time Warner is working on the problem, and says that only a small number--about 65,000--of its customers have the SMC8014 modems.

Commenting on this Article is closed.

Comments

Submitted by Anonymous (not verified) on Fri, 10/30/2009 - 2:26pm.

So, If I don't have the SMC8014, do I have WPA encryption or is it still WEP? I don't have the SMC8014 as far as I can tell but now I'm concerned about TWCs lack of security.

Submitted by Lynn 'Red' Skelton (not verified) on Fri, 10/08/2010 - 3:36pm.

Unable to do anything about it? That is crazy. What they do is replace all those modems with a more secure modem. That is what they do about it. Otherwise, they are facing a potential law suit and loss of customers if someone gets hacked and their identity stolen because of this security flaw that could have been easily resolved. I know that if I was a Time Warner customer and I saw this posting and seemingly lack of concern for their customer's security I would be changing to someone else immediately.