How Safe is Your Internet Connection?

Approximately 65000 High Speed Internet customers aren’t as safe as they once thought. An independent developer has discovered a glaring vulnerability in a certain model of cable modem being issued deployed on Time Warner / Road Runner networks.

The SMC8014 is a combination cable modem and wireless router. It has been discovered that by simply disabling JavaScript on a web browser, any user can download the full configuration of these routers, including the administrative username and password. As if that wasn’t bad enough, the administrative interface on these routers has been left open to the internet. That means an attacker can access that router simply by scanning the Time Warner network from the comfort of their local Starbucks. Once the attacker has access to your router, he can change the DNS settings to point to a malicious host, opening the users to malware and phishing attacks. He would also be able to eavesdrop on traffic passing through this router, or use it to attack other systems.

All of ConnectNC’s high speed routers are configured with unique passwords. Additionally, the administrative interface is not accessible from the Internet (even if you knew the password).