dslreports logo
site
spacer

spacer
 
   
spc
story category
Time Warner Cable Security Flaw Exposes 65,000
SMC combination router/modem can be hijacked...
by Karl Bode 08:13AM Wednesday Oct 21 2009
A vulnerability in a Time Warner combination Wi-Fi router and cable modem could allow a hacker to remotely access the device's administrative menu over the internet, according to blogger David Chen. Time Warner Cable has confirmed the flaw, which impacts some 65,000 Time Warner Cable broadband users. According to Chen, he discovered the vulnerability when trying to change the unit's default encryption from WEP to WPA2, only to find the unit's administration functions were disabled via javascript. Chen simply disabled browser Javascript:
quote:
Click for full size
The extra features that I now had access to included a little item called "Back Up Configuration File". When I clicked it, a text dump of the router's configurations was saved to my desktop. Upon examination of this file, I found the admin login & password in plaintext. Another issue which was alarming was the fact that by default, the web admin is accessible from ANYWHERE on the internet. By running a simple port scan of Time Warner IP addresses, I easily found dozens of these routers, open to attack.
Chen claims he got in touch with Time Warner Cable's security department four weeks ago, but was told "we are aware of it but we cannot do anything about it." Time Warner Cable says they're aware of the router vulnerability and are working quickly to resolve the issue. They also note that the unit, made by SMC, only comprises a small portion of their 14 million customer base.

view:
topics flat nest 

baineschile
2600 ways to live
Premium
join:2008-05-10
Sterling Heights, MI

Eh

If a competant hacker knew what he was doing, basic security that all wireless uses can be accessed.

Sabre
Di relung hatiku bernyanyi bidadari

join:2005-05-17

Re: Eh

said by baineschile:

If a competant hacker knew what he was doing, basic security that all wireless uses can be accessed.
Fair enough, but I think this is less about "hackability" than it is about incredibly poor network security management by TW. If they set the system up this way, leaving a customer-end unit so exposed is stupid and dangerous. If this was left in this configuration by SMC or by a third party programmer, then they are similarly negligent and one could point a finger at TW for allowing it to happen.

It'll be interesting to hear if there's more to this story.
--
With all its sham, drudgery, and broken dreams, it is still a beautiful world.

Save American Soccer - Stop the MLS!

jester121
Premium
join:2003-08-09
Lake Zurich, IL
But wireless security is only vulnerability when you're in range of the radio -- this vulnerability is accessible from anywhere.

maartena
Elmo
Premium
join:2002-05-10
Orange, CA
kudos:3
said by baineschile:

If a competant hacker knew what he was doing, basic security that all wireless uses can be accessed.
Yeah but this is the kind of hacking anyone with a little computer experience can do. It doesn't take a rocket scientists to disable java scripts in a browser to see what that does.

And although a small percentage, 65.000 users could equal hundreds of online bank accounts and credit cards, IF someone indeed is able to abuse the unit to GAIN access to anything, which I don't know is the case. But if the admin side can be accessed from the internet side, you bet someone is finding out some way of exploiting it.

Best thing that TWC could do is give SMC two weeks to come up with a firmware that fixes this issue and then roll it out to the affected users. If that can't be done, contact the users in question and replace the modems. 65.000 is country wide, which would probably translate into a few thousand per division, which is oversee-able.
--
"I reject your reality and substitute my own!"

crazyk4952
Premium
join:2002-02-04
united state
kudos:1
Reviews:
·CenturyLink
·Vitelity VOIP
·Charter
·Callcentric

A drop in the bucket

They also note that the unit, made by SMC, only comprises a small portion of their 14 million customer base.
Well I guess that just makes it OK then, doesn't it? After all, that's only 0.005% of their customers. Such a small number, right?

I sure would hate to be one of the people affected by this issue since we can see Charter's attitude about this...
jac74

join:2004-11-14
Rochester, NY

Re: A drop in the bucket

this small percentage equals the number of users that have been educated on TWC's metered billing "benefits" plan...
amungus
Premium
join:2004-11-26
America
Reviews:
·Cox HSI
·KCH Cable

1 recommendation

Throw 'em out!

Who on earth leaves web admin access open on a router? Is this not disabled by default on all of them?

If TW isn't responsible, I'd say the manufacturer is negligent here. Incredibly lame.

One more reason to buy your own equipment, understand it, or at least have a friend/family member help set it up somewhat securely.

WEP aside, leaving web admin access on is just totally pointless for 99% of users, not to mention a much worse thing to leave enabled in comparison. Might as well plug your computer straight in to a modem with no firewall at all...

I'd be buying a modem, and a router, and sending TW the bill until they figure out their equipment.
k1ll3rdr4g0n

join:2005-03-19
Homer Glen, IL

Re: Throw 'em out!

said by amungus:

Who on earth leaves web admin access open on a router? Is this not disabled by default on all of them?

If TW isn't responsible, I'd say the manufacturer is negligent here. Incredibly lame.

One more reason to buy your own equipment, understand it, or at least have a friend/family member help set it up somewhat securely.

WEP aside, leaving web admin access on is just totally pointless for 99% of users, not to mention a much worse thing to leave enabled in comparison. Might as well plug your computer straight in to a modem with no firewall at all...

I'd be buying a modem, and a router, and sending TW the bill until they figure out their equipment.
HAHA OH MAN DSLR members make me laugh so hard.

You want Customers to actually understand how their equipment works? Priceless.
I think first we should make everyone take "Phishing 101" or at least "Basic computer troubleshooting 101".

I actually had someone call an ethernet cable, no joke, the "internet cable". Take your laptop out down the street in your neighborhood and see how many open wifi APs there are, and how many of those have a default admin username/password. People are so ignorant to computers. In fact me and a friend went around the neighborhood to try to get people alerted to the fact they have an open wifi - no one called us. There is only so much you can do for other people.

Sabre
Di relung hatiku bernyanyi bidadari

join:2005-05-17

Re: Throw 'em out!

Yes, most people are hopelessly ignorant. That doesn't change the fact that people should be more knowledgeable about what they own.

Owning a computer has, frankly, become so widespread that the need to know, really know, how to use one has been overlooked. Like most everything else, it's not a fundamental right, and just buying a computer won't bring you into the modern day or make you tech-savvy. If anything this is an argument that a whole lot fewer people should be owning computers than currently do.

(/rant)
--
With all its sham, drudgery, and broken dreams, it is still a beautiful world.

Save American Soccer - Stop the MLS!

Bill Neilson
Premium
join:2009-07-08
Arlington, VA

Re: Throw 'em out!

What exactly should be learn? Exactly that is....is there some book about what specifically should be learned?

I am interested about what SPECIFICALLY should be made mandatory and what shouldn't
k1ll3rdr4g0n

join:2005-03-19
Homer Glen, IL

Re: Throw 'em out!

said by Bill Neilson:

What exactly should be learn? Exactly that is....is there some book about what specifically should be learned?

I am interested about what SPECIFICALLY should be made mandatory and what shouldn't
Lets see for starters:
How to identify a phising email
Basic computer troubleshooting - including BIOS beep codes, Using Windows safe mode, command line intro for both Linux and Windows
Differences and similarities between Linux, Unix, Windows, and Mac.
Intro to the Internet 101
Basic programming

I know you asked for specifics, but I wont write the lesson plans for you - you can get a good enough idea from my list.

One may say "Why did you include X?" I felt that those subjects are the most important that came to the top of my head. "Why didn't you include X?" no specific reason, I probably didn't even think about it.

One of my professors, has to get help to change the input on the projector. And they have a doctorate. I mean t's just fundamental subjects like that should be pounded into peoples heads.
Should we state a double standard and say that I should learn the basics in their field? Not necessarily. We use technology on a day-to-day basis do we not? Should we not at least have basic comprehension of the tools that we use in our day-to-day lives? I ask you this.
patcat88

join:2002-04-05
Jamaica, NY
kudos:1
said by amungus:

WEP aside, leaving web admin access on is just totally pointless for 99% of users, not to mention a much worse thing to leave enabled in comparison. Might as well plug your computer straight in to a modem with no firewall at all...
Maybe someone wants to the change port forwarding remotely so they can VNC into a particular machine on their LAN. Admin screen is obviously passworded.

rit56

join:2000-12-01
New York, NY

College Kids

My router was locked with what I thought a decent password. One of my two computers expired due to age in April and I didn't bother replacing it. An old desktop. I shut down my router and I hard wired my lap top directly to the modem and noticed immediately dramatically improved download speeds. Within 2 weeks two of my neighbors ( I live in an apartment building with 20 units), 2 separate apartments, college kids came to my apartment and asked if they could pay me 10 or 20 dollars a month to piggy back off my internet as they didn't, I presume, want to incur the full cost of an install and monthly service. I declined both of them but I realized that they both and their roommates were using my internet for months. One of them told me there is software available on the internet that allows you to easily hack someones router. I never held it against either of them and as beautiful as they both were, lovely young ladies, I still said no. They can get their own. SO if they're downloading movies and music it must have appeared as if I was quite a hog.. I'm not a router fan.
ElJay

join:2004-03-17
Reviews:
·Time Warner Cable

1 edit

Re: College Kids

Hack the router? Sounds like you had a wireless access point in the router that was either unsecured or poorly secured (WEP). There is no "hacking" a WPA2-secured wireless network that has a strong key.

How did the other tenants know it was yours? I'd highly recommend using a SSID (network name) that is generic to your name or location.

rit56

join:2000-12-01
New York, NY

Re: College Kids

I used my first name as the name of the router. go ahead and laugh. it was my first time setting one up and I named it after myself. so it was pretty easy to figure out where it originated. I'm not slamming routers I just had a bad experience. Same with bluetooth. Dell blows. This is my last PC by the way. I'm over it. I have a keyboard and mouse that connects with blue tooth and when the battery gets weak it loses it's link and when I put in new batteries it shows the keyboard but it doesn't work, won't link up. It then takes me a day sometimes many days to re-sync. It has made me wary of bluetooth technology. Oh when it does link up it shows all my neighbors devices and asks me if I want to link up to their equipment. I had a bad experience with this PC and it's glitchy things which I no longer want to tolerate. Microsoft products are not good. sorry for ranting.

tshirt
Premium,MVM
join:2004-07-11
Snohomish, WA
kudos:5
Reviews:
·Comcast
said by ElJay:

There is no "hacking" a WPA2-secured wireless network that has a strong key.

YET.
WPA2 AES is Probably (as far as we know) the best choice AFTER wired. But once upon a time, wpa-tkip was good, before that WEP was......
Broadcast it and they will come........

bent
and Inga
Premium
join:2004-10-04
Loveland, CO

1 recommendation

said by rit56:

I never held it against either of them and as beautiful as they both were, lovely young ladies, I still said no.
I would have held something against them in exchange for free internet.
--
Greedy Old Pigs

antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4

Ambit/Ubee U10C018 cable modem...

Now if I could add my own password to Ambit/Ubee U10C018 cable modem (not a router). :P

tshirt
Premium,MVM
join:2004-07-11
Snohomish, WA
kudos:5

BTW

BTW anyone who uses a SMC8014WG (or similar) should be aware this is a FIRMWARE problem, and it MAY effect ANYONE using this model (family) on ANY provider.

dvd536
as Mr. Pink as they come
Premium
join:2001-04-27
Phoenix, AZ
kudos:4

Theres nothing they can do. . . . .

With pay per byte coming they don't want to lock down a lucrative way to overages. hacker plays, sub pays.
--
When I gez aju zavateh na nalechoo more new yonooz tonigh molinigh - Ken Lee