October 26, 2009 4:23 PM PDT

Time Warner home routers still open to attack, blogger says

by Elinor Mills
  • Font size
  • Print
  • 5 comments

If you have an SMC8014 cable modem/Wi-Fi router from Time Warner your network might still be vulnerable to attack.

Blogger David Chen reported last week on a security hole affecting about 67,000 combo modem/router devices that could allow anyone to access Time Warner customers' private networks, snoop on sensitive data, and direct users to malicious Web sites.

At the time, Time Warner Cable spokesman Alex Dudley said a patch was being rolled out and a permanent fix was being tested.

On Monday, Chen published an update to his blog that says he is still finding evidence that the devices are still vulnerable.

In the last week, I have not seen a single bit of evidence that supports their claims of a 'temporary patch.' I contacted Time Warner reps on Twitter to find out more about the measures they took to temporarily fix this issue; I have yet to receive a response," writes Chen, co-founder of a start-up called Pip.io.

"A quick nmap (network mapper security) port scan of a random Time Warner subnet showed dozens of routers still open and vulnerable to attack. When the scan was expanded to more ips (IP addresses), hundreds of routers were found," he added.

Dudley, who was traveling on Monday and unavailable to comment until late in the day, said: "We do have a patch and if it is not in place in a particular device or a small number of devices it will be shortly."

Asked how many devices had been patched, he said he did not know.

Meanwhile, a permanent fix was still in quality assurance testing, Dudley said.

In his blog post, Chen provides suggestions for how Time Warner Cable could fix the problem, including change the default configuration of the routers to use WPA2 instead of WEP for Wi-Fi encryption and Disable access to the router's Web administration page from outside IP addresses.

"Of course the best idea would be to immediately recall those routers and issue your customers real cable modems and decent wifi routers with good security," he wrote.

And for Time Warner Cable customers who are using the devices, Chen urged them to call the company and ask for a replacement cable modem and use a separate router.

Updated on October 27 at 11:23 a.m. PDT to correct blogger's first name.

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
Topics:

Security,

Consumer software and hardware,

Privacy and data protection

Tags:

Time Warner,

cable modem,

wifi router,

security

Share:
Digg
Del.icio.us
Reddit
Recent posts from InSecurity Complex
Q&A: Researcher Karsten Nohl on mobile eavesdropping
RockYou sued over data breach
Hacker Gonzalez pleads guilty in Heartland breach
Web-based Lookout protects mobile devices, data
Using Facebook and Twitter safely
Firefox, Adobe top buggiest-software list
Adobe to patch zero-day Reader, Acrobat hole
Keeping Uncle Sam from spying on citizens
Related
Post-Christmas Wireless-N routers explained
Firefox, Adobe top buggiest-software list
Symantec confirms zero-day Acrobat, Reader attack
SmartSynch offers universal router for smart grids
Microsoft to plug critical IE hole targeted by exploit code
Microsoft plugs zero-day IE hole
Web-based Lookout protects mobile devices, data
Using Facebook and Twitter safely
Add a Comment (Log in or register) (5 Comments)
  • prev
  • 1
  • next
by timber2005 October 26, 2009 5:16 PM PDT
Wait wait wait..............
How exactly is WPA2 going to protect them from attacks originating on the INTERNET?!

And web administration should be blocked from the internet side unless the user knows what they are doing.
Reply to this comment
by Vegaman_Dan October 26, 2009 6:58 PM PDT
But then how would Warner be able to get into your home network to monitor your content for illegal downloads?
by timber2005 October 26, 2009 7:47 PM PDT
What illegal downloads? Can anyone actually DOWNLOAD anything on it?!

Oh wait that's comcast.
by b00dah October 27, 2009 6:41 AM PDT
Comcast IS Time Warner. Out in my neck of the woods, they issue the Netgear or SMC gateways to their business customers. They wouldn't even think of issuing just a modem and seperate router... it's how they manage the boxes from their side. I hate them (COMCAST / TIME WARNER) with a passion. I firmly believe that Comcast is none other than satan with a pitchfork.
Reply to this comment
by Jerry Ambrose November 2, 2009 3:08 PM PST
How about using OPENDNS
Reply to this comment
(5 Comments)
  • prev
  • 1
  • next
advertisement

15 sites that went kaput in 2009

Web sites launch all the time, but they also shut their doors. We highlight 15 that bit the dust this year.

Top 10 news stories of the decade

Let the debate begin: Was the iPhone more important than iTunes? Was anything bigger than Google finding a great business model? CNET offers its list of the 10 most important stories of the '00s.

About InSecurity Complex

Elinor Mills became fascinated with hacker culture when she was sent to Las Vegas to cover DefCon in 1995. Since then, script kiddies have given way to cyber criminals targeting bank passwords, and privacy risks are everywhere, from Google to Facebook and the iPhone. InSecurity Complex keeps tabs on the flaws, the foibles, and the fixes.

Add this feed to your online news reader

InSecurity Complex topics

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
CES 2010
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET