October 26, 2009 4:23 PM PDT

Time Warner home routers still open to attack, blogger says

by Elinor Mills

If you have an SMC8014 cable modem/Wi-Fi router from Time Warner, your network might still be vulnerable to attack.

Blogger David Chen reported last week on a security hole affecting about 67,000 combo modem/router devices that could allow anyone to access Time Warner customers' private networks, snoop on sensitive data, and direct users to malicious Web sites.

At the time, Time Warner Cable spokesman Alex Dudley said a patch was being rolled out and a permanent fix was being tested.

On Monday, Chen published an update to his blog saying he is still finding evidence that the devices are vulnerable.

"In the last week, I have not seen a single bit of evidence that supports their claims of a 'temporary patch.' I contacted Time Warner reps on Twitter to find out more about the measures they took to temporarily fix this issue; I have yet to receive a response," writes Chen, co-founder of a start-up called Pip.io.

"A quick nmap (network mapper security) port scan of a random Time Warner subnet showed dozens of routers still open and vulnerable to attack. When the scan was expanded to more ips (IP addresses), hundreds of routers were found," he added.

Dudley, who was traveling on Monday and unavailable to comment until late in the day, said: "We do have a patch and if it is not in place in a particular device or a small number of devices it will be shortly."

Asked how many devices had been patched, he said he did not know.

Meanwhile, a permanent fix was still in quality assurance testing, Dudley said.

In his blog post, Chen provides suggestions for how Time Warner Cable could fix the problem, including changing the default configuration of the routers to use WPA2 instead of WEP for Wi-Fi encryption and disabling access to the router's Web administration page from outside IP addresses.

"Of course the best idea would be to immediately recall those routers and issue your customers real cable modems and decent wifi routers with good security," he wrote.

And for Time Warner Cable customers who are using the devices, Chen urged them to call the company and ask for a replacement cable modem and use a separate router.

Updated on October 27 at 11:23 a.m. PDT to correct blogger's first name.

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.

by timber2005 October 26, 2009 5:16 PM PDT
Wait wait wait..............
How exactly is WPA2 going to protect them from attacks originating on the INTERNET?!

And web administration should be blocked from the internet side unless the user knows what they are doing.
by Vegaman_Dan October 26, 2009 6:58 PM PDT
But then how would Warner be able to get into your home network to monitor your content for illegal downloads?
by timber2005 October 26, 2009 7:47 PM PDT
What illegal downloads? Can anyone actually DOWNLOAD anything on it?!

Oh wait that's comcast.
by b00dah October 27, 2009 6:41 AM PDT
Comcast IS Time Warner. Out in my neck of the woods, they issue the Netgear or SMC gateways to their business customers. They wouldn't even think of issuing just a modem and separate router... it's how they manage the boxes from their side. I hate them (COMCAST / TIME WARNER) with a passion. I firmly believe that Comcast is none other than satan with a pitchfork.
by Jerry Ambrose November 2, 2009 3:08 PM PST
How about using OPENDNS