X

Time Warner testing fix to hole in home router

Blogger discovers hole in a combination cable modem/Wi-Fi router used by Time Warner customers that opens the network up to snooping and Web site redirects.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
See full bio
Elinor Mills
2 min read

This is the SMC8014WG-S cable modem/Wi-Fi router provided to Time Warner cable customers that has a security hole. SMC

Time Warner has rolled out a temporary patch and is testing a permanent fix for a security hole in a combination cable modem/Wi-Fi router that could allow anyone to access the private network of its customers, snoop on sensitive data, and direct customers to malicious Web sites.

The vulnerability in the SMC8014 cable modem/Wi-Fi router provided to customers was detailed in a blog post written by David Chen, a software engineer and co-founder of the Pip.io social communications platform start-up.

"We are aware of the issue and we are hard at work on a solution and have been for quite some time," Alex Dudley, a Time Warner Cable spokesman, said on Tuesday.

"The manufacturer has developed a fix," he added. "We believe it will work and we are testing it now to make sure it won't affect our network in other ways."

In the meantime, customers should be protected by a temporary patch, he said. Time Warner will push the permanent fix out to the affected devices from its regional data centers, possibly as soon as a matter of days, Dudley said.

About 67,000 devices across Time Warner's network are affected out of 14 million devices total, according to Dudley.

Chen wrote that he discovered that the administration features of the router had been disabled via JavaScript and that he was able to access all the features of the router by disabling JavaScript in the browser.

In addition, the device relied only on WEP encryption, which can be cracked easily, and it used a fixed format for the SSID (service set identifier), which makes it easy to tell which Wi-Fi network the device is using, he wrote.

"It just gets better from here. The extra features that I now had access to included a little item called 'Back Up Configuration File,'" Chen wrote. "When I clicked it, a text dump of the router's configurations was saved to my desktop. Upon examination of this file, I found the admin login & password in plaintext. Another issue which was alarming was the fact that by default, the web admin is accessible from ANYWHERE on the internet. By running a simple port scan of Time Warner IP addresses, I easily found dozens of these routers, open to attack."

Chen said he contacted Time Warner's security department and warned them about the security issue and that they weren't helpful at all.

Asked to comment, Dudley said: "Security is a primary concern and also a constant effort. So while we are currently working hard on ensuring this particular vulnerability is addressed as soon as possible, we are generally always working to improve and ensure the security of the network."