Gaping Security Hole Turns Cable Modems Into Hacker Prey
- Monday, November 9, 2009, 4:29
- Sci-Tech
- 4 views
- Add a comment
A blogger helping to tune a friendâs wi-fi network uncovered a gaping security hole in Wi-Fi cable modem routers installed in 64,000 Time Warner subscribersâ homes, leaving them open to attack.
10 of the Worst Moments in Network Security History
Time Warner says that within the past week it has patched the problem until the manufacturer can provide a permanent fix, but before that it had allowed administrative access to the routers. Attackers could then run a variety of programs against these routers, says David Chen in his blog Chenosaurus.
Because the vulnerability let anyone anywhere on the Internet take over control of the router, they could launch attacks from within Time Warner customersâ homes.
âFrom within your own network, an intruder can eavesdrop on sensitive data being sent over the Internet and even worse, they can manipulate the DNS address to point trusted sites to malicious servers to perform man-in-the-middle attacks,â Chen writes. âSomeone skilled enough can possibly even modify and install a new firmware onto the router, which can then automatically scan and infect other routers automatically.â
Chen says he discovered that administrative control of the routers had been blocked by a Java script. He disabled Java on his friendâs router and had access to all the routerâs settings. He opened the backup configuration file and discovered the administrative login and password in plaintext.
He says he was able to run a port scan on Time Warner IP addresses and found dozens of these routers that were open to attack. The router involved is the SMC 8014 wireless router and cable modem, says Alex Dudley, vice president of public relations for Time Warner. He says his company is waiting for a permanent fix from SMC that Time Warner will run quality assurance testing on before pushing it to the affected routers.
Chen also notes that the router allows only Wired Equivalent Privacy encryption, which he says is readily broken, allowing anyone who can break WEP access to the network. He also says the fixed format for the routersâ SSIDs makes it possible to figure out which Wi-Fi networks are run by SMC 8014s. â PC World
Related posts:
- Time Warner Routers Still Hackable Despite Company Assurance
- U.S. pandemic options include crippling home modems
- DoorStop X security suite ready for Snow Leopard
- Broadcast pioneer NBC prepares for cable takeover (AP)
- Renowned Airport Security Experts Gather to Discuss Their Strategies for 2010 and Beyond at the 2nd Annual Airport Security Summit 2010, Dubai
Write a Comment
Gravatars are small images that can show your personality. You can get your gravatar for free today!
