Charter Website Flaw Exposed Customer Information
Friday May 22 2015 08:31 EDT

18-year-old security researcher Eric Taylor has found a security vulnerability in Charter Communications' website exposing the personal data of around a million users. Speaking to Fast Company, Taylor stated that a simple header modification performed with a browser plug-in could reveal details about Charter broadband customers. Taylor was the same person who discovered a similar vulnerability in Verizon's website earlier this month, and the same vulnerability in Comcast's systems back in 2013.

While the Verizon vulnerability "only" exposed user IDs, phone numbers, and device names, the Charter flaw exposed "way way way more" personal data. Like Verizon, Charter's website identified Charter customers by IP address, which made spoofing an identity a relatively trivial affair:

"Using a lightweight add-on for Firefox to modify HTTP headers, called 'X-Forwarded-For Header,' an attacker essentially could pass off a Charter customer's IP address as their own. The plug-in, as its description explains, 'Inserts a X-Forwarded-For field into the HTTP Request header. Some servers look at this field to identify the originating IP address.'"

While credit card numbers weren't exposed, payment details, modem serial numbers, device names, account numbers and home addresses were. In a statement Charter insisted that around 1 million of the company's 5.9 million customers were impacted by the flaw.
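
The server-side mistake described above, next to a stricter way of resolving the client address, as an added example that is not Charter's code or part of the original article. The proxy range, function names and sample addresses are assumptions made for illustration.

```python
import ipaddress

# Assumption: the site's own reverse proxies / load balancers live in this range.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def is_trusted_proxy(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)


def naive_client_ip(peer_addr, headers):
    """Flawed pattern: believe whatever the request header claims."""
    xff = headers.get("X-Forwarded-For")
    return xff.split(",")[0].strip() if xff else peer_addr


def resolve_client_ip(peer_addr, headers):
    """Accept X-Forwarded-For hops only when they were appended by our own proxies."""
    if not is_trusted_proxy(peer_addr):
        return peer_addr  # direct connection: the header is client-controlled
    raw = headers.get("X-Forwarded-For", "")
    hops = [h.strip() for h in raw.split(",") if h.strip()]
    client = peer_addr
    for hop in reversed(hops):  # the rightmost entry was added by the nearest proxy
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: trust nothing further to the left
        client = hop
        if not is_trusted_proxy(hop):
            break  # first non-proxy address is the client our edge actually saw
    return client


if __name__ == "__main__":
    # Constructed request: the real peer is 198.51.100.7, the header claims 203.0.113.9.
    forged = {"X-Forwarded-For": "203.0.113.9"}
    print("naive:   ", naive_client_ip("198.51.100.7", forged))
    print("resolved:", resolve_client_ip("198.51.100.7", forged))
    # Same forged value arriving through a trusted proxy, which appended the real peer.
    via_proxy = {"X-Forwarded-For": "203.0.113.9, 198.51.100.7"}
    print("resolved via proxy:", resolve_client_ip("10.0.0.5", via_proxy))
```

Even a correctly resolved source address only says where a request came from; access to account data still needs an authenticated session rather than an IP match.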
Suntop
Premium Member
2015-May-22 8:41 am
Typical
When will these companies realize that personal information like home addresses, names and such should be as secured as the credit card numbers are in that system? Does it cost them a lot of money to program their systems to do so? Or are they just cutting corners? And an 18 year old found this out? It makes me wonder if a malicious teenager found out what could have happened?
Why are cable companies so damned screwy lately? I mean even Comcast was in the news again too over their alarm system that they YES yet again contracted out.... And then to avoid getting sued they put in a clause that holds them harmless if some homicidal maniacs come in and attempt to kill a loved one. Like in the Seattle area. It is like these cable companies do not care about customer safety. Who knows how many people now have their houses watched by dangerous individuals looking to cause mayhem? They have their addresses. Sure someone found this out and reported it but what happened BEFORE THEN?
I hope people are watching out for their safety.
Come on cable companies WAKE UP and protect your customers. They pay your wages and bills!

crooked
Member
2015-May-22 10:45 pm
Re: Typical
It's cheaper to deal with the PR repercussions of the info leaking than it is to actually build security into their tech :s

Is this really news?
Charter is probably the only cable company who is far behind in any tech such as their site, streaming apps and their DVRs which still use those 90s cable guide.

tshirt
Premium Member
2015-May-22 12:42 pm
It was bad enough...
...when this flaw first showed up at Comcast in 2013, but to find out in 2 years neither Verizon nor Charter IT security checked their own networks for the (now) KNOWN flaw? Neither is so small or struggling that they couldn't have a regular, proactive, penetration/vulnerability testing programs... certainly for all known flaws as well as in house and outreach to "security researchers" or even script kiddies of any age could report (and even be rewarded) for finding new unknowns.

Re: It was bad enough...
What is even sadder is no other security team bothered to check and it took them 2 years to find it. For all we know some blackhats did check and they had access for 2 years.

The_ANoN
Anon
2015-May-23 11:49 am
Smh
Yet another reason why Charter just might be the worst cableco in the US...they're horrible!

cork1958
Premium Member
2015-May-25 8:27 am
Re: Smh
I don't know about the worst cableco in the U.S. but they have always been a day late on everything they've ever done compared to anyone else!

chartersucks to The_ANoN
Anon
2015-May-26 12:34 am
And these clowns want to buy Time Warner