A gaping security hole in cable modems distributed to Time Warner/Road Runner customers could potentially be exploited remotely to access private networks and possibly capture and manipulate private data.
One of the extra features found by Chen included an admin utility called "Back Up Configuration File" that was essentially a text dump of the router's configurations.
Upon examination of this file, I found the admin login & password in plaintext. Another issue which was alarming was the fact that by default, the web admin is accessible from ANYWHERE on the internet. By running a simple port scan of Time Warner IP addresses, I easily found dozens of these routers, open to attack.
This is a really serious issue for any Time Warner/Road Runner running the SMC8014 router:
Now you can now put two and two together and realize that this has opened a gaping hole on every single Time Warner customer’s network that uses the SMC8014. By forcing the customers to use only WEP encryption on their wifi network, they are allowing anyone to penetrate the network with ease. Also by using a fixed format for the SSID, it’s extremely easily tell which wifi network is using the device. Once inside, anyone can access the router’s web interface and login with the admin account. What makes this even scarier, is the fact that the web interface is accessible from anywhere. From within your own network, an intruder can eavesdrop on sensitive data being sent over the internet and even worse, they can manipulate the DNS address to point trusted sites to malicious servers to perform man-in-the-middle attacks. Someone skilled enough can possibly even modify and install a new firmware onto the router, which can then automatically scan and infect other routers automatically.
Chen said he reported the issue to Time Warner and was told that nothing could be done about the problem. A spokesman for Time Warner told Wired's Kim Zetter the issue is being fixed.