Firmware + Javascript Glitch = Keys To Kingdom
Proof once again, that security by obfuscation does not work… This time, the proof is provided to us courtesy of those geniuses at Time Warner. More information, inclusive of linkage, appears after the jump. Read it and weep.
From Wired’s ThreatLevel blogger Kim Zetter : “Time Warner Cable Exposes 65,000 Customer Routers to Remote Hacks“
“A vulnerability in a Time Warner cable modem and Wi-Fi router deployed to 65,000 customers would allow a hacker to remotely access the device’s administrative menu over the internet, and potentially change the settings to intercept traffic, according to a blogger who discovered the issue. Time Warner acknowledged the problem to Threat Level on Tuesday, and says it’s in the process of testing replacement firmware code from the router manufacturer, which it plans to push out to customers soon… ” “The vulnerability lies with Time Warner’s SMC8014 series cable modem/Wi-Fi router combo, made by SMC. The device is one of several options Time Warner offers to customers who don’t want to install their own modem and router to use with the company’s broadband service. The device is installed with default configurations, which customers can alter only slightly through its built-in web server. The most customers can do through this page is add a list of URLs they want their router to block…”
