Do you use this cable modem/wireless router?

The SMC8014WG-SI, used by an untold number of Time Warner Cable customers, has a serious security hole that “allows anyone to access your private network and possibly capture and manipulate your private data,” according to David Chen, who blogs about the breach at Chenosaurus.com.

Today, Chen offered another update for readers: Time Warner has not fixed the flaw.  His updated blog entry shows an image of a bunch of vulnerable New York City IP addresses.

He told me that he only scanned IP addresses in New York, where he used to live. He’s unsure how many Time Warner customers are affected by the SMC modem and hasn’t tested outside of New York.

“I am sure that if those routers are used by TW in other parts of the country, they would affected by the same issue,” he said in an e-mail response.

Time Warner has not responded to requests about the validity of Chen’s allegation.  But on the blog post, Time Warner’s Jeff Simmermon left a comment that this is on the list of fixes and told Chen “Thanks for your post. We’ve got a temporary patch in place now while we work on a permanent solution — you should be safe.”

The story’s been picked up by Wired, C/Net, PC World and now me (I was waiting on a response from Time Warner — nothing as of today). Wired reports that the security hole affects 65,000 users.

Irvine-based SMC Networks, which developed the device, says that it learned of the security flaw from Chen. The company took a few days to develop a fix and gave it to Time Warner on Friday.

“It’s really now up to Time Warner to test it and get the fix out to customers,” said Greg Fisher, SMC’s chief technology officer. “They have been testing it over the weekend. We don’t have the current status on it.”

Fisher said that the same issue hasn’t cropped up on any of the company’s other wireless modems and routers. But it is taking steps to make sure everything else is fine with the modem.

“We did provide Time Warner with a temporary tool to turn off the (affected user interface) so customers could still use the device for Internet. But it all depended on the local managers” to push out the update, Fisher said.

Chen first mentioned the security flaw last week after doing a test of his own. A friend had asked him to help tweak its Wi-Fi network name and password. He noticed that there was a way to get the router’s admin login and password from anywhere on the Internet. He ran a scan and “easily found dozens of these routers, open to attack,” he said.

If Time Warner offers a response, I’ll add it here.

If you have this modem, Chen advises users to contact Time Warner’s customer service (888-TWCABLE) and ask for a new one. Also, let me know so we can see how far reaching this security breach could be.

Earlier on Time Warner:

You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.