A recently uncovered security flaw could put as many as 64,000 wireless networks at risk of attack.
The vulnerability is believed to exist in the SMC8104 combination cable modem and wireless router used primarily by customers of Time Warner and RoadRunner's cable internet service.
Developer Dave Chen claimed that lax security protections on the router could make the task of breaking into the networks and taking control of the router much easier than with other wireless router devices.
Chen explained in a blog posting that the routers rely on Wired Equivalent Privacy (WEP) protections, a security protocol that is notoriously easy to overcome. But the most serious concerns come after a user has connected to the router.
Chen said that the router uses JavaScript code to prevent unauthorised systems accessing the router's administration functions. By disabling JavaScript execution within the browser, a third-party user could connect to the router and access administration features.
Additionally, Chen noted that among the administration features on the router is the option to back up router settings as a text file which includes administrator login names and passwords.
"By forcing the customers to use only WEP encryption on their Wi-Fi network, they are allowing anyone to penetrate the network with ease," Chen explained. " Once inside, anyone can access the router's web interface and login with the admin account."
See also:
Wi-Fi Direct eliminates need for extra routers 15 Oct 2009
New Xtreme N devices combine storage and networking 06 Oct 2009
All Hacking Tags: Time-warner, Threats, Security
del.icio.us
Digg this
reddit!
