A guy out in California, Dave Chen, was helping a friend with his wi-fi network. During the process, he uncovered a security hole in cable modems provided by Time Warner. What did he decide to do? Blog it, of course.
SMC8014 Series Cable Modem/Wi-fi Router ComboThe above titled router lies at the center of the security gap. The default encryption available on the router is WEP. This encryption method has been fairly easy to break since 2001 (it was THE standard at one point). WEP was at the epicenter of the TJX data breach that resulted in the loss of 45 million credit card numbers.
WEP was not only the default–the modem was crippled so that it was the only available encryption method. The reason why this is so serious? As of 2009, WEP encryption can be cracked in minutes.
Admin Password In PlaintextSo, the guy pokes around a bit, and finds that if javascripting is turned off, the crippling effects are cancelled. He goes on to make the changes, and finds that the administrative password and login name are in plaintext.
What all this means is that a hacker could have easily eavesdropped on users of that particular modem. Helloooooo, data breach.
Chen called up Time Warner:
Of course I got in touch with Time Warner’s security department and warned them about the security issue but their response was simply “we are aware of it but we cannot do anything about it”.
But, it looks like the episode hasn’t gone unnoticed by Time Warner. According to this site, TW is waiting for a fix to be released from SMC, the modem’s manufacturer. That’s the power of blogging for ya.
No comments:
Post a Comment