If you didn’t provide your own wireless router when you signed up for Internet access from Time Warner, you may have been given an SMC-branded modem/router combo that turns out is ridiculously easy to break into.
Here’s what Dave discovered:
Jeff Simmermon, the Director of Digital Communications at Time Warner Cable, left a comment on Dave’s blog addressing the situation:
From what I understand, our QA got a list of fixes for the identified issues on Friday, and are currently testing (if not finished with testing) and preparing to hand this off to our Ops team at this very moment.
Our customer’s security is of the utmost importance to us, and we are constantly working to identify and repair holes and flaws as we discover them. This is not the sort of thing where we’ll roll the fix out, go “okay, done, phew,” and go back to our comfy armchairs. With more than 14,000,000 devices in the field, we’ve always got bugs to fix and holes to secure.
We contacted Jeff to find out where TWC stands on the current status of the SMC8014WG-SI. He wrote back:
The updates [that we have applied to the router] are done remotely, without the customer getting involved.
This security issue affects roughly 67,000 out of over 14,000,000 customers. To imply that all of our customers’ data is at risk would be false. We deployed a patch remotely on Tuesday [October 20th] specifically to protect affected customers’ data while we QA and roll out a long-term solution. Customers with the affected routers should not have to do anything to upgrade their hardware or worry about their data.
So TWC is on the issue and planning a “long-term solution.”