65,000 Time Warner Cable customers have been exposed to a remote access hack, as reported by wired.com. Blogger David Chen was helping a friend with the setting on his cable modem when he inadvertently realized there was a problem.
What does this kind of vulnerability mean? According to Chen:
“ ‘From within your own network, an intruder can eavesdrop on sensitive data being sent over the internet and even worse, they can manipulate the DNS address to point trusted sites to malicious servers to perform man-in-the-middle attacks,’ Chen wrote on his blog. ‘Someone skilled enough can possibly even modify and install a new firmware onto the router, which can then automatically scan and infect other routers automatically.’ "
The article does not mention any cases where users who were exposed had anyone tamper with their settings, which means that the threat was only that. While a serious potential problem, it is reassuring that either a)no hacker discovered the vulnerability b)no hacker cared enough to do anything about it if they did.
Ideally, any paid service should mandate the use off the highest level of encrypted remote access possible. If you want remote access solutions for your data center that you can trust, for example, there is no reason to worry with Minicom’s AccessIT. With SSL and high grade 256-bit AES encryption, you can sleep easily at night after watching cable TV.