Time Warner home routers still open to attack, blogger says
A blogger who found a security hole affecting 67,000 combo modem/router devices says they are still vulnerable to attack.
If you have an SMC8014 cable modem/Wi-Fi router from Time Warner your network might still be vulnerable to attack.
Blogger David Chen reportedon a security hole affecting about 67,000 combo modem/router devices that could allow anyone to access Time Warner customers' private networks, snoop on sensitive data, and direct users to malicious Web sites.
At the time, Time Warner Cable spokesman Alex Dudley said a patch was being rolled out and a permanent fix was being tested.
On Monday, Chen published an update to his blog that says he is still finding evidence that the devices are still vulnerable.
In the last week, I have not seen a single bit of evidence that supports their claims of a 'temporary patch.' I contacted Time Warner reps on Twitter to find out more about the measures they took to temporarily fix this issue; I have yet to receive a response," writes Chen, co-founder of a start-up called Pip.io.
"A quick nmap (network mapper security) port scan of a random Time Warner subnet showed dozens of routers still open and vulnerable to attack. When the scan was expanded to more ips (IP addresses), hundreds of routers were found," he added.
Dudley, who was traveling on Monday and unavailable to comment until late in the day, said: "We do have a patch and if it is not in place in a particular device or a small number of devices it will be shortly."
Asked how many devices had been patched, he said he did not know.
Meanwhile, a permanent fix was still in quality assurance testing, Dudley said.
In his blog post, Chen provides suggestions for how Time Warner Cable could fix the problem, including change the default configuration of the routers to use WPA2 instead of WEP for Wi-Fi encryption and Disable access to the router's Web administration page from outside IP addresses.
"Of course the best idea would be to immediately recall those routers and issue your customers real cable modems and decent wifi routers with good security," he wrote.
And for Time Warner Cable customers who are using the devices, Chen urged them to call the company and ask for a replacement cable modem and use a separate router.
Updated on October 27 at 11:23 a.m. PDT to correct blogger's first name.