Security vulnerabiity found in Time Warner cable modems

Security vulnerabiity found in Time Warner cable modems
Problems with the configuration of a modem provided by Time Warner Cable to more than 60,000 broadband internet customers make it easy for a hacker to gain control of the unit remotely.

The problems were spelled out by blogger David Chen after he tried to help a friend change some settings on his Time Warner provided SMC8014WG-SI cable modem/router. To anyone with a modest understanding of security his findings will likely be a little surprising.



As with many ISP-provided routers, the Time Warner units disable customer access to a number of advanced features. Shockingly, however, Chen found some important administrative features were still there, and simply masked by Javascript.

By simply disabling Javascript support in his browser he was able to access these additional options, including one which allowed him to print out the device's configuration. That printout included the admin login and password in clear text.

He also came to the realization that this information could be used to hack into any of these routers provided by Time Warner because the web administration interface is enabled.

A Time Warner representative contacted by Wired Magazine's Kim Zetter indicated they "have been working on it."

It's at least a better response than David Chen got when he Contacted the ISP on his friend's behalf. He was told "we are aware of it but we cannot do anything about it."

Written by: Rich Fiscus @ 22 Oct 2009 5:32
Advertisement - News comments available below the ad
  • 4 comments
  • DXR88

    you bloody idiot. well there just went your advanced timing for a 30/10 connection.

    24.10.2009 21:59 #1

  • yeller

    Typical of TW. They think they understand technology by "managing your connection", policing your activity, capping your downloads, and not investing in their infrastructure.

    They don't even know how to manage their own devices and believe in "if nobody knows, it's secure" philosophy.

    29.10.2009 10:07 #2

  • eazyman80

    can anyone help me, I have a mod modem the sb 5100 series. and I currently use comcast services, but im moving where they have timewarner services. my question is the dns setting the same and will it work with timewarner services?

    30.10.2009 12:15 #3

  • creaky

    eazyman80 - please stick to this one ~ http://forums.afterdawn.com/t.cfm/f-45/m...ng_help-810409/



    Main PC ~ Intel C2Q Q6600 (G0 Stepping)/Gigabyte GA-EP45-DS3/2GB Crucial Ballistix PC2-8500/Zalman CNPS9700/Antec 900/Corsair HX 620W
    Network ~ DD-WRT ~ 2node WDS/WPA ~ Buffalo WHR-G54S. 4node WPA2/AES ~ WRT54GS v6 (inc. WEP BSSID), WRT54G v2, WRT54G v3.1, WRT54G2 v1, WRT54G v5. *** Forum Rules ***

    30.10.2009 16:04 #4

© 2024 AfterDawn Oy

Hosted by
Powered by UpCloud