Time Warner Router Flaw Exposes Customers

There’s a rudimentary vulnerability in a cable modem/wireless router installed in tens of thousands of homes by Time Warner that could enable an attacker to get full access to the router quite easily.

There’s a rudimentary vulnerability in a cable modem/wireless router installed in tens of thousands of homes by Time Warner that could enable an attacker to get full access to the router quite easily. The vulnerability, which was discovered and disclosed recently by a blogger named David Chen, is in the SMC8014 series of cable modems, which Time Warner installs in some of its cable customers’ homes. The flaw lies in the way that the modem and router is configured. As Chen was trying to help a friend reconfigure his modem, he noticed that the admin interface was protected by nothing more than a piece of JavaScript code. By disabling JavaScript in his browser, Chen was able to access the admin features and take complete control of the modem.

Chen found that this also could be done remotely, thanks to a feature that enables admin access from any Internet-connected machine.

Now you can now put two and two together and realize that this has
opened a gaping hole on every single Time Warner customer’s network
that uses the SMC8014.  By forcing the customers to use only WEP
encryption on their wifi network, they are allowing anyone to penetrate
the network with ease.  Also by using a fixed format for the SSID, it’s
extremely easily tell which wifi network is using the device.  Once
inside, anyone can access the router’s web interface and login with the
admin account.  What makes this even scarier, is the fact that the web
interface is accessible from anywhere.  From within your own network,
an intruder can eavesdrop on sensitive data being sent over the
internet and even worse, they can manipulate the DNS address to point
trusted sites to malicious servers to perform man-in-the-middle
attacks.  Someone skilled enough can possibly even modify and install a
new firmware onto the router, which can then automatically scan and
infect other routers automatically.

Chen said he contacted Time Warner officials about the vulnerability and was told that the company knew about the problem but was unable to do anything about it. Kim Zetter of Wired’s Threat Level blog reports that Time Warner is working on the problem, and says that only a small number–about 65,000–of its customers have the SMC8014 modems.

Suggested articles

Video: Researchers Knock Out a $3K First Responder’s Radio With a $30 Children’s Toy

During the Reagan Administration, the ‘government waste’ meme was all about $600 toilet seats and $300 hammers. Those looking for a more contemporary example of how government procurement gets it wrong might point, instead, to Project 25 (P25), a decade old effort to provide first responders and federal officials with a reliable and secure emergency radio system.

With Autos At CES, Are Vehicle Hacks Far Behind?

Sometimes news events just come together in a way that opens a window
– even if its a kind of cloudy window – onto the future. So it was this
week, as stories about a coming generation of wired automobiles
collided with some thought-provoking reports on the vulnerability of
said cars to traditional kinds of wireless attacks.

Discussion

  • Anonymous on

    So, If I don't have the SMC8014, do I have WPA encryption or is it still WEP?  I don't have the SMC8014 as far as I can tell but now I'm  concerned about TWCs lack of security. 

  • Lynn 'Red' Skelton on

    Unable to do anything about it? That is crazy. What they do is replace all those modems with a more secure modem. That is what they do about it. Otherwise, they are facing a potential law suit and loss of customers if someone gets hacked and their identity stolen because of this security flaw that could have been easily resolved. I know that if I was a Time Warner customer and I saw this posting and seemingly lack of concern for their customer's security I would be changing to someone else immediately.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.