Time Warner security hole still wide open

I’ve received an incredible response to the Time Warner modem/router security issue I wrote about last week. It was immediately picked up by Wired, CNET, PC World, and various other news sources. Even Time Warner themselves immediately responded to my post with: “Thanks for your post. We’ve got a temporary patch in place now while we work on a permanent solution — you should be safe.”

[Image: ports]

Wow, I thought, Time Warner took care of this problem in less than a day!  It was good to know that they actually cared about security and making sure their customers were safe… I was wrong.

In the last week, I have not seen a single bit of evidence that supports their claims of a “temporary patch.” I contacted Time Warner reps on Twitter to find out more about the measures they took to temporarily fix this issue; I have yet to receive a response.  Either they’re too busy fixing the problem to respond or they can’t come up with an answer because nothing has been done.

A quick nmap port scan of a random Time Warner subnet showed dozens of routers still open and vulnerable to attack. When the scan was expanded to more IPs, hundreds of routers were found. I spoke with Ira Victor of Data Security Podcast over the weekend about the continued problem with these routers; you can hear the podcast here.

Here are a couple of ideas for Time Warner to fix this right away:

  • Change the default configuration of the routers to use WPA2 instead of WEP for wifi encryption. It’s OK if you don’t want the customers to change their wifi settings, but at least use a key that’s not derived from the router’s MAC address (which is broadcast over wifi).
  • Disable access to the router’s web admin page from outside IPs. The options are in the router (see below); a simple config change would block access to the router from the internet.
  • Block traffic to ports 8080, 8181 and 23 (those are the ports that are open on the SMC8014 routers) at the ISP level. This of course should be a temporary fix until the hardware can be replaced with something more secure.
  • Of course the best idea would be to immediately recall those routers and issue your customers real cable modems and decent wifi routers with good security.

[Image: Admin panel]

If you have an SMC8014 series modem/router combo, get rid of it. Call up Time Warner and ask them to replace it with a standard cable modem and get yourself a real router.
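
To confirm that the remote-admin and port-blocking fixes suggested above have actually taken effect on a router you own, the following added example (not part of the original post) attempts a TCP connection to each of the three ports the post lists and reports which ones answer. The function names and the open/closed/filtered labels are choices made for this example; run it from a connection outside your home network against your own WAN address.

```python
"""Check whether a router you own still exposes the ports named in the post."""
import socket
import sys

# Ports the post lists as open on SMC8014 routers.
SMC8014_PORTS = (8080, 8181, 23)


def probe(host, port, timeout=3.0):
    """Return 'open', 'closed' (refused) or 'filtered' (no reply or other error)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeouts and unreachable hosts land here
        return "filtered"


def audit(host, ports=SMC8014_PORTS, timeout=3.0):
    """Map each port to its state as seen from where this script runs."""
    return {port: probe(host, port, timeout) for port in ports}


def exposed(results):
    """Ports that accepted a connection, i.e. the fix is not in effect for them."""
    return sorted(port for port, state in results.items() if state == "open")


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_router.py <your-router-WAN-address>")
    results = audit(sys.argv[1])
    for port, state in sorted(results.items()):
        print(f"tcp/{port}: {state}")
    reachable = exposed(results)
    if reachable:
        print("Still reachable from here:", ", ".join(map(str, reachable)))
        sys.exit(1)
    print("None of the listed ports accepted a connection.")
```

A result of "filtered" on all three ports is what an ISP-level block would look like from outside; "closed" means the router itself refused the connection.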

UPDATE: Finally figured out what the “patch” Time Warner deployed was. If a user tries to log in with the user/user account, it simply kicks them back to the login page with JavaScript. All routers are still open to the internet and all still have the same default admin password.

Posted: October 26th, 2009
Comments

[...] * Conversation:  Ira talks with David Chen of Pip.io with an update on the critical vulnerabilities he discovered in a batch of Time Warner cable modems (made by SMC). TW now acknowledges the flaw, and they have made statements elsewhere that a fix is being deployed. David Chen tells us that as of this past weekend the vulnerabilities remain.  Both David Chen and The Data Security Podcast have attempted to get an update on a fix. Time Warner cable has not replied to written requests from David Chen, or from this program.  David Chen is blogging with recommendation on how he thinks Time Warner Cable could mitigate these flaws… see his latest blog here. [...]

[...] Chen offered another update for readers: Time Warner has not fixed the flaw.  His updated blog entry shows an image of a bunch of [...]

Comment from Lane - October 27, 2009 at 1:39 am

A cable company is unresponsive and uncaring about a major problem affecting its customers?

Sounds like a normal situation to me.

[...] Writing Monday at his blog, chenosaurus.com, Chen said he ran a scan over the weekend and found 500 routers still vulnerable to attack and that he had not found “a single bit of evidence that supports their claims of a [...]

[...] security hole still wide open (David/my california adventures) David / my california adventures: Time Warner security hole still wide open  —  I’ve received incredible response from the Time Warner modem/router [...]

Comment from Tasunke - October 27, 2009 at 3:20 pm

I blogged about your first post on this issue, Dave, and someone named “Adam Wood,” ostensibly from SMC, responded. (http://tasunke.otakugeeksquad.org/blog/2009/10/24/major-time-warner-modemrouter-security-flaw/#comment-6526) Essentially saying that they’ve developed new firmware to address this issue and have delivered it to TWC.

Comment from Pradip - October 27, 2009 at 3:27 pm

This is not good. Still a lot of users are at risk.

Comment from flyingroach - October 28, 2009 at 12:20 am

What is the default admin pwd so I can enable WPA?

Pingback from Time Warner Routers are Hackable | iTech Engine - October 30, 2009 at 3:06 pm

[...] Writing Monday at his blog, chenosaurus.com, Chen said he ran a scan over the weekend and found 500 routers still vulnerable to attack and that he had not found “a single bit of evidence that supports their claims of a ‘temporary [...]

Comment from Polprav - November 3, 2009 at 4:13 am

Hello from Russia!
Can I quote a post “No teme” in your blog with the link to you?

Comment from David - November 3, 2009 at 5:33 am

sure thing!