- IBM cat brain simulation dismissed as 'hoax' by rival scientist
- Cisco pedigree wins over VCs
- De-Worm your iPhone
- Steve Jobs is a man of a few words
- Holiday gift guide
A blogger helping to tune a friend's wi-fi network uncovered a gaping security hole in Wi-Fi cable modem routers installed in 64,000 Time Warner subscribers' homes, leaving them open to attack.
10 of the Worst Moments in Network Security History
Time Warner says that within the past week it has patched the problem until the manufacturer can provide a permanent fix, but before that it had allowed administrative access to the routers. Attackers could then run a variety of programs against these routers, says David Chen in his blog Chenosaurus.
Because the vulnerability let anyone anywhere on the Internet take over control of the router, they could launch attacks from within Time Warner customers' homes.
"From within your own network, an intruder can eavesdrop on sensitive data being sent over the Internet and even worse, they can manipulate the DNS address to point trusted sites to malicious servers to perform man-in-the-middle attacks," Chen writes. "Someone skilled enough can possibly even modify and install a new firmware onto the router, which can then automatically scan and infect other routers automatically."
Chen says he discovered that administrative control of the routers had been blocked by a Java script. He disabled Java on his friend's router and had access to all the router's settings. He opened the backup configuration file and discovered the administrative login and password in plaintext.
He says he was able to run a port scan on Time Warner IP addresses and found dozens of these routers that were open to attack. The router involved is the SMC 8014 wireless router and cable modem, says Alex Dudley, vice president of public relations for Time Warner. He says his company is waiting for a permanent fix from SMC that Time Warner will run quality assurance testing on before pushing it to the affected routers.
Chen also notes that the router allows only Wired Equivalent Privacy encryption, which he says is readily broken, allowing anyone who can break WEP access to the network. He also says the fixed format for the routers' SSIDs makes it possible to figure out which Wi-Fi networks are run by SMC 8014s.
Rss FeedRss Feed
The Leader in Network Knowledge
Comments (6)
Javascript, not JavaBy Anonymous on October 21, 2009, 6:48 pmIt's JavaScript. Java and JavaScript are two different things, they just share the first 4 letters.
Reply | Read entire comment
It appears to be an SMC issue with their router than an actual TBy Anonymous on October 23, 2009, 11:03 amIt appears to be an SMC issue with their router than an actual Times Warner issue.
Reply | Read entire comment
ECMAScript not JavaScriptBy Anonymous on October 23, 2009, 11:11 amJavaScript is ECMAScript and they share the last 5 letters. http://www.ecmascript.org/ No one should be using WEP anymore. It's inherently weak.
Reply | Read entire comment
Don't get a "fix", get a new Modem!By Dan_Aquinas on October 23, 2009, 1:06 pmIf Chen is correct that the SMC 8014 modem only supports WEP, then "anonymous"' is absolutely correct about not using WEP due to its security weakness. Time-Warner...
Reply | Read entire comment
Why?By Anonymous on October 23, 2009, 5:37 pmSeriously, TimeWarner "patched" the problem for now? The ISPs influence (should) stop(s) at the cable "modem" function. Anything inward beyond that function is...
Reply | Read entire comment
Since Time Warner providesBy Anon on October 26, 2009, 4:20 pmSince Time Warner provides the modem, and since the wireless is a function of that modem (it's a combination cable modem with built-in wireless router) then Time...
Reply | Read entire comment
View all comments