Return to VNFAWING.com Website Return to Main Forum Index PageReturn to VNFAWING.com Website
:: Forum Index :: Zephyrnet Forums :: FAQ :: Search :: Memberlist :: Groups :: Register :: Profile :: Log in to check your private messages :: Log in ::
Gaping security hole turned 64k TWC modems into hacker prey

 
Post new topic   Reply to topic    VNFAWING.com Forum Index -> Internet, Hardware, Networking, & Security Forum
View previous topic :: View next topic  
Author Message
CAG Hotshot

Admin, Site Owner, Developer, Webmaster
 

Rank: Admin, Site Owner, Developer, Webmaster

Joined: 12 Aug 2004

Posts: 16082

Post subject: Gaping security hole turned 64k TWC modems into hacker prey Reply with quote
Quote:
Gaping security hole turned 64,000 Time Warner cable modems into hacker prey
Cable modem security problem is patched, but customers' networks were vulnerable

A blogger helping to tune a friend's wi-fi network uncovered a gaping security hole in Wi-Fi cable modem routers installed in 64,000 Time Warner subscribers' homes, leaving them open to attack.

10 of the Worst Moments in Network Security History

Time Warner says that within the past week it has patched the problem until the manufacturer can provide a permanent fix, but before that it had allowed administrative access to the routers. Attackers could then run a variety of programs against these routers, says David Chen in his blog Chenosaurus.

Because the vulnerability let anyone anywhere on the Internet take over control of the router, they could launch attacks from within Time Warner customers' homes.

"From within your own network, an intruder can eavesdrop on sensitive data being sent over the Internet and even worse, they can manipulate the DNS address to point trusted sites to malicious servers to perform man-in-the-middle attacks," Chen writes. "Someone skilled enough can possibly even modify and install a new firmware onto the router, which can then automatically scan and infect other routers automatically."

Chen says he discovered that administrative control of the routers had been blocked by a Java script. He disabled Java on his friend's router and had access to all the router's settings. He opened the backup configuration file and discovered the administrative login and password in plaintext.

He says he was able to run a port scan on Time Warner IP addresses and found dozens of these routers that were open to attack. The router involved is the SMC 8014 wireless router and cable modem, says Alex Dudley, vice president of public relations for Time Warner. He says his company is waiting for a permanent fix from SMC that Time Warner will run quality assurance testing on before pushing it to the affected routers.

Chen also notes that the router allows only Wired Equivalent Privacy encryption, which he says is readily broken, allowing anyone who can break WEP access to the network. He also says the fixed format for the routers' SSIDs makes it possible to figure out which Wi-Fi networks are run by SMC 8014s.

_________________
CAG Hotshot
"FAF Shape Meister"
Forum Administrator
FAF/FA-2 Design team
TSH Member/Developer

-------- __@
----- _`\<,_
---- (*)/ (*)
~~~~~~~~~~~~~~~~



PostFri Oct 23 9:44:47 2009
View user's profile Send private message Send e-mail Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    VNFAWING.com Forum Index -> Internet, Hardware, Networking, & Security Forum All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics
You cannot reply to topics
You cannot edit your posts
You cannot delete your posts
You cannot vote in polls




VNFAWING Flight Sim Development Center,Inc. - VNFAWING.comô

Powered by phpBB © 2001 - phpBB Group