A vulnerability in a Time Warner cable modem and Wi-Fi router deployed to 65,000 customers would allow a hacker to remotely access the device’s administrative menu over the internet, and potentially change the settings to intercept traffic, according to a blogger who discovered the issue.
Time Warner acknowledged the problem to Threat Level on Tuesday, and says it’s in the process of testing replacement firmware code from the router manufacturer, which it plans to push out to customers soon.
All of this means that a hacker who wanted to target a specific router and change its settings could access a customer’s admin panel from anywhere on the net through a web browser, log in with the master password, and then start tinkering. Among the possibilities, the intruder could alter the router’s DNS settings — for example, to redirect the customer’s browser to malicious websites — or change the Wi-Fi settings to open the user’s home network to the neighbors.
Phi Beta Iota: Richard Stahlman understood, when he first created the concept for Open Source Software, that bureaucracies are inherently incompetent at executing flawless complex tasks, and that only a completely open system (“put enough eyeballs on it, no bug is invisible”) could be both resilient and reliable. We’ve reached the point now where anyone buying proprietary software must be in a “buyer beware” mode and assume that due diligence has NOT been accomplished. This is why Phi Beta Iota storngly support the “Open Source Tri-Fecta,” a combination of Free/Open Source Software, Open Source Intelligence, and Open Spectrum.