65,000 Time Warner Customers Exposed to Vulnerabilities

Paul Lilly

Yikes - it was discovered that a vulnerability in a Time Warner cable modem and WiFi router being used by 65,000 customers makes it possible for a hacker to remotely access the device's administrative menu and wreak havoc, To deal with the problem, Time Warner said it hopes to have updated firmware from the router manufacture to push out to customers soon.

"We were aware of the problem last week and have been working on it since," said Time Warner spokesman Alex Dudley.

The security snafu affects Time Warner's SMC014 series combo modem/WiFi router and was discovered by blogger David Chen, who writes for chenosaurus.com. Chen said he was trying to help a friend change the settings on his cable model when he discovered Time Warner had hidden some admin functions using JavaScript code. All he had to do was disable JavaScript in his browser and he could see those functions, including a tool to dump the router's config file displaying the admin login and password.

"From within your own network, an intruder can eavesdrop on sensitive data being sent over the Internet and even worse, they can manipulate the DNS address to point trusted sites to malicious servers to perform man-in-the-middle attacks," Chen wrote on his blog. "Someone skilled enough can possibly even modify and install a new firmware onto the router, which can then automatically scan and infect other routers automatically."

Time Warner said it is working to find out if the same or a similar vulnerability also affects other models.

Image Credit: SMC via Wired.com

Around the web