Time Warner Cable today rolled out a temporary patch for a security hole discovered by blogger David Chen. While helping a friend change the Wi-Fi settings on their SMC8014 series cable modem/Wi-Fi router combo, Chen noticed that the web admin for the router simply uses a script to hide certain menu options when the user does not have admin privileges.
The software engineer and founder of social communications platform start-up Pip.io goes on to say this opened up access to a "Back Up Configuration File." With just one click, Chen reports, a text dump of the router's configuration was saved to his desktop, and in it were the login and password in plaintext. So that's it, right? I mean, there's nothing else, is there? Wrong. Wired reports that Chen discovered the same login details could be used to access every router in the SMC8014 series on Time Warner’s network.
"Another issue which was alarming was the fact that, by default, the web admin is accessible from ANYWHERE on the internet. By running a simple port scan of Time Warner IP addresses, I easily found dozens of these routers, open to attack."
David says he contacted TWC's security department to warn the company and was told, “We are aware of it but we cannot do anything about it."
According to CNet, the company has rolled out a temporary patch and is testing a permanent fix for the problem. It's nice to see that Time Warner Cable changed its tune.
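The flaw described above, a script hiding admin menu entries while the device still serves the hidden pages, set beside a server-side role check and a config export that leaves credentials out of the dump. This is an added example, not code from the article or from the SMC firmware; the route names, roles and config keys are constructed for illustration.

```javascript
// Constructed sample data: routes, roles and config keys are illustrative
// assumptions and are not taken from the SMC8014 firmware.
const RANK = new Map([["user", 1], ["admin", 2]]);
const ROUTES = new Map([
  ["/status", "user"],
  ["/wifi", "user"],
  ["/backup-config", "admin"],
]);
const CONFIG = { ssid: "HomeNet", admin_login: "operator", admin_password: "example-only" };

// What a client-side script does: decide which menu entries to display.
// This is presentation only; it does not stop a request for a hidden path.
function visibleMenu(role) {
  return [...ROUTES].filter(([, min]) => RANK.get(role) >= RANK.get(min)).map(([p]) => p);
}

// Flawed handler: any known path is served, whatever the session's role.
function handleFlawed(session, path) {
  return ROUTES.has(path) ? 200 : 404;
}

// Hardened handler: the server checks the session's role on every request.
function handleHardened(session, path) {
  if (!ROUTES.has(path)) return 404;
  const rank = session ? RANK.get(session.role) : undefined;
  if (rank === undefined) return 401; // no session or unknown role
  return rank >= RANK.get(ROUTES.get(path)) ? 200 : 403;
}

// Config export that never writes credential values into the text dump.
const SECRET_KEY = /pass|secret|psk|key/i;
function exportConfig(config) {
  return Object.entries(config)
    .map(([k, v]) => `${k}=${SECRET_KEY.test(k) ? "<redacted>" : v}`)
    .join("\n");
}

const user = { role: "user" };
console.log(visibleMenu("user"));                    // menu omits the backup entry
console.log(handleFlawed(user, "/backup-config"));   // flawed server still serves it
console.log(handleHardened(user, "/backup-config")); // hardened server refuses
console.log(exportConfig(CONFIG));
```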
There is an account that can be used to access any of their routers? Sounds like they left a backdoor open on purpose. Maybe for tech support reasons, but it's still a shady thing to do.
Security by obscurity + proprietary mindset = NO SECURITY
JasonAkkerman: There is an account that can be used to access any of their routers? Sounds like they left a backdoor open on purpose. Maybe for tech support reasons, but it's still a shady thing to do.
Comcast was able to "remotely program" my Motorola cable modem to be compatible with their network. I'm not sure what this means, maybe they did nothing and just added my MAC address into their system, but I wouldn't be surprised if all these devices had some sort of backdoor for the ISPs to use.
AT&T U-verse is using a similar "residential gateway" which is basically a DSL adapter and router combined. I wonder how secure it is. It even offers some remote file access. You have to use it if you’re using the IP-TV or the VoIP as it handles all of that on dedicated pipes.
First thing I did with mine is a full ip / port forward to a Linux server that functions as my router. I use a content filter / proxy for web traffic and intrusion detection. I do miss the lower latency I was getting with my old cable modem.
hellwig & doomtomb:
Indeed you can upload new firmware to a cable modem (CPE) remotely - but to do so you need admin access to the CMTS your cable modem is physically connected to (and/or ISP servers if configuration details are stored outside of the CMTS). CMTS hardware is quite costly. And any sane cable modem manufacturer would implement digital signing of firmware to thwart malicious "reflashing" attempts (so it is necessary to physically disassemble the CPE and use special hardware to "flash" something non-official).
The insanity described in this article is a sad yet typical example of "security" in the real world...
doomtomb: My ISP was also able to remotely program my modem and see it. My ISP is Suddenlink.
Cable modems download a software update to enable different modes. It's how people hack their own cable modems to "uncap" them. Basically you run a "server" on your PC and update that file to say 100mbps or whatever. Please note that this is totally illegal and will get you disconnected in a hurry (although I have heard small bumps in speed can be gotten away with). The cable company only updated a small file on your modem with your tier information and what version of DOCSIS they are using. This is unrelated to the story though. The story is only talking about the routers that the cable company can install for you. Now, with access like this, I wonder if it would be possible to install a custom firmware, something like Tomato... With that kind of access one could have an almost instant 65,000 machine broadband botnet...
While it is a stupid mistake that should have never happened, at least Time Warner is fixing it.
PS: currently many routers provided for Verizon DSL and Qwest DSL (not FiOS) have the Actiontec GT704WG or other Actiontec series with a crappy bloated firmware from Verizon. And guess what, they have remote access over the internet enabled by default, and even though the password can be changed, the telnet password can't on some firmware versions. It also offers no protection against brute force attacks. A simple port scan of a range of like 100 IPs from either company's net block will lead to probably 20-30 vulnerable DSL gateways which are easy to log into.
I have called Verizon to tell them about this since I used to have an Actiontec; the worker didn't understand what I was telling them.
This wouldn't really be a problem if you put a decent router between their router/cable modem and your computer or network. And for Pete's sake, CHANGE THE DEFAULT PASSWORD!