| reply to hobgoblin
Re: NYC TWC - Just got the Arris TG862 - can't access Web GUI said by hobgoblin:Its a tough one for any employee to post on a site like this in their free time. Sites like this attract way more negative than positive and to many its not a lot of fun to see the company in a negative light. This site is read by many employees and no one wants to put their livelihood at risk by posting incorrect or information that could be considered internal. I understand their situation, what I don't understand is, why even post if there is nothing positive they can contribute and risk their job.
Your exchange with Fleeced is a prime example. The issue with the 6141 was isolated to NYC. They have a very different billing system to most of the country, so his original statement could well have been correct for his area if he was indeed an employee.
No one posting in here makes any official statements and you jumping their butts as you have done to me many times spoils what can be some unofficial help.
Oh and I cant read anything in the direct forum. There is a separate group that looks after that.
Hob
Hobs, I second nony on locking the wireless modems. Those subscribers are put into risk of being compromised. Please tell TWC to let them make changes to their wireless settings, the way it is now it's easy to guess their shared keys. |
|
nony
join:2012-11-17
New York, NY
2 edits | said by bluepoint:said by hobgoblin:Hobs, I second nony on locking the wireless modems. Those subscribers are put into risk of being compromised. Please tell TWC to let them make changes to their wireless settings, the way it is now it's easy to guess their shared keys.
They will remediate. The current deployment of unsecurable wireless modems is an example of gross negligence by an underregulated monopoly. And this is indisputable in the security community. Or as we say "what were they thinking?!"
However, I may have been wrong in my post above where I suggested that if you are able to modify your PSK (in an effort to secure your home network/subscribed network) that the PSK setting will be retained after the eMTA gets its config file, in light of what Hob suggested, namely that a Tier3 tech can customize any and all parameters - including the default PSK.
In my case, I am configured for bridge mode, and I am able to retain my security settings including the PSK, but that may not be the case for "routed mode" where it counts big time for vulnerable subscribers.
If anyone in my market is interested in testing... PM me.
I could work this with Tier3, but I don't want to put them in an ackward position nor do their employers nor do their attorneys. I prefer to work with the LFA (Local Franchising Authority), which in my case is the City of New York (read different attorneys).
»www.nyc.gov/html/doitt/html/faq/···.shtml#1
-nony |
|
nony
join:2012-11-17
New York, NY
4 edits | Update: If you are a certified security practitioner (CISSP) and you work for a cable company and you post on this forum, and you are aware that all TWCNYNJ customers with ARRIS gateways are unwittingly being put at risk for identity theft - then you can step up to the plate or shame on you if you looked the other way.
You can't knowingly put your susbscribers at risk without penalty.
Details:
The secret key that allows access to your wifi (PSK) has zero-bit entropy by default because its guessable with 100% accuracy.
And you guys, have done nothing to protect us. If you previously worked for ARRIS and now work for TWC you are complicit big-time by remaining silent.
The combination of guessable PSK and the policy of preventing customers from changing the defaults so they are no longer at risk, without any notification that their "door is wide open" is an egregious misjudgement and violation of the public trust on the part of the regulated franchisee. Don't you guys have a whistleblower program? ARRIS and TWC, on the surface, are both complicit.
-nony |
|
pumany
join:2013-03-10
White Plains, NY | reply to nony
Hi Nony,
I have the Arris DG860 from time warner NYC. In the past, I was able to access it at the 192.168.0.1 address using the userid (admin) and password (password) with no problem. I had to set my modem to bridged and disable the firewall so my website would work.
I have noticed I can no longer get in using admin and password. Do you have any insight? I disconnected the coax cable, reset using the pin hole, and I was then able to get in using "admin" and "password", but as soon as I connected the coax cable, that changed and I couldn't get in. Does this make sense to you?
Thanks,
PumaNY |
|
| reply to kenanmir
Why don't you call in to have TWC bridge your modem? Then the router functionality is off and you have nothing else to worry about. |
|
| are you guys saying the pw for the wifi is basically easy to figure out?
that's what i told tw CSR and i said i felt unsecure about the pw. but they said its fine |
|
| reply to kenanmir
If you want to be technical, wireless is simply insecure, just like pretty much nothing is 100% secure. I think it takes about 2 hours or so with a good computer to crack WPA2 right now. WEP can be cracked on a cellphone in like 2 minutes.
What nony is getting at is the fact that with the correct packet sniffing programs, and a little knowledge of how the passwords work, it's easy to crack the default passwords. Then again, you're back to the old adage: Locks only keep honest people out. |
|
nony
join:2012-11-17
New York, NY
4 edits | wpa2 cracked?
Are you kidding?
Kindly cite your sources.
Edit: Ouch!
Edit: [Hole196 attack mitigation goes here] See -
»www.airtightnetworks.com/WPA2-Hole196
»wnss.sv.cmu.edu/courses/14829/f1···2_07.pdf
To be clear:
Hole196-based exploits are insider attacks which work off of a shared broadcast crypto key, unique to the access point and its clients. Consequently, a wireless attacker would first need to authenticate to the AP to acquire the broadcast key (the GTK - Group Temporal Key) before any harm could be done.
Consequently,
if you have selected a secure passphrase (not subject to a dictionary attack), you will be protected from the Hole196 exploits.
Whereas, the TWC/ARRIS scheme effectively broadcasts your WPA passphrase in the clear and as such is available to bad guys to take out critical infrastructure on a massive scale (I won't elaborate) using our access points as launch pads (in addition to the personal risks that have been fleshed out in this thread). Governmental entities should be concerned for obvious reasons.
It also follows that the insider attacks mentioned above will apply if you are forced by TWC/Arris to maintain the default passphrase.
-nony |
|
nony
join:2012-11-17
New York, NY
4 edits | reply to pumany
Yes. This part makes sense -
Prior to registration, by design, you are able to access a superset of resources, which (also by design) you won't be able to access after registration.
In my testing, I could disconnect the upstream cable and wait a few minutes, until my device reverted to its pre-registration state.
Then I would enable telnet and log on to the full cli using the technician credentials, and capture the traffic (using snmp)
On a more basic level, the admin/password credential would work when I was connected directly to a switch port, using a default ip address, but would not work if I attempted to connect via a downstream router.
In bridged mode, you should be able to access the configuration gui and log on with a direct connection, by assigning a static ip address e.g., 192.168.100.2 on your client pc/mac using the default credentials, both before and after registration (See my posts above)
-nony |
|
|
|
nony
join:2012-11-17
New York, NY
3 edits | reply to Titan01
said by Titan01:are you guys saying the pw for the wifi is basically easy to figure out?
that's what i told tw CSR and i said i felt unsecure about the pw. but they said its fine
The contractual agreement between TWC and Arris specifies defaults that put you at risk. They didn't intend to put you at risk, but they failed in their due dilligence to address the toxic flaw(s) that allows two-bit criminals to rip you off for all your worth.
So, don't trust the wifi, and wait for the case law to play out, but continue to trust the advice of the reps who post here.
-nony |
|
| so what should i do for the time being |
|
| reply to kenanmir
Call TWC, bridge the modem and use your own router, which is what I recommend anyways. |
|
nony
join:2012-11-17
New York, NY
1 edit | reply to nony
Of interest -
GAO report on wireless security (challenges and opportunities) including but not limited to the consumer space.... (published September 2012)
»gao.gov/assets/650/648519.pdf
-nony |
|
