Gadgetell | Tech News, Reviews, and Interesting Things

Time Warner Cable says it is working on a fix for a security hole found in its SMC8014 cable modem/router devices.  The hole could allow a hacker to join private networks, hijack the browser and steal sensitive information. 

“We are aware of the issue and we are hard at work on a solution and have been for quite some time,” Alex Dudley, a Time Warner Cable spokesman, said on Tuesday.  “The manufacturer has developed a fix,” he added. “We believe it will work and we are testing it now to make sure it won’t affect our network in other ways.”

The problem lies in Time Warner’s sloppy way of trying to keep their customers from changing the configuration of the device.  They used Javascript, which is easily disabled via the browser and the web admin is accessible anywhere on the net.  Add to that the fact that a tool called “Backup Configuration File” displays the admin username and password in plain text and that the router is locked to weak WEP security by default instead of the much better WPA security, and you have a set up that a hacker could do serious damage with.

If you have one of these devices, Time Warner says it has pushed a temporary patch and will soon replace it with a permanent fix.  Really though, you are much better off with a cable modem and a separate router.  I’m a Time Warner customer and wasn’t offered one of those combo devices, fortunately. We were given an Arris cable modem and use our own Netgear router with WPA security, which is a much more secure setup!

Read [CNet]