65,000 Time Warner Cable users exposed to hacks

The SMC cable modem and Wi-Fi router combo appliance installed by Time Warner to 65,000 customers has a vulnerability that allows anyone to remotely gain access to and change the configuration of the device. The problem, of course, lies in the fact that this could be taken advantage of by someone with malicious intentions.

Wired reports that the vulnerability was uncovered by accident by David Chen, the founder of a software startup, while trying to change the settings of the appliance for a friend. He discovered that the administrative functions for the modem were just hidden from the user’s view using Javascript, and that by deactivating it in the browser he could access those functions – and through them, the configuration file that contained the admin login information.

Chen tried to use the password on admin panels for other routers of the same series on the Time Warner Network – and it worked! That means that the router is vulnerable (among other things) to redirection of the legitimate user’s browser to a malicious website, or can be an entry point into the user’s home network and allow the hacker to sniff out sensitive data.

Chen notified Time Warner, and they are currently testing the replacement firmware code provided by SMC, which will soon be provided for customers.