- ‘Star Trek’s Jonathan Frakes calls out your lies with this new meme Saturday 3:46 PM
- #JusticeForLucca trends after video shows police slam Black teen’s head into pavement Saturday 3:11 PM
- The internet is shocked to learn that Goombas do, in fact, have arms Saturday 2:02 PM
- PayPal, GoFundMe cut off armed militia that detains migrants at border Saturday 1:16 PM
- Barnwood theft may be on the rise because of ‘Fixer Upper’—and fans aren’t having it Saturday 12:23 PM
- Literary Twitter calls out Dzanc Books for Islamophobic, racist novel Saturday 11:40 AM
- How to watch Crawford vs. Khan online Saturday 10:00 AM
- Beyoncé has 2 more projects coming to Netflix after ‘Homecoming’ Saturday 9:53 AM
- How to watch Danny Garcia vs. Adrian Granados for free Saturday 9:00 AM
- The ‘Feeling Cute Challenge’ turns ugly after correctional officers abuse it Saturday 7:30 AM
- How to watch ‘How High 2’ for free Saturday 7:00 AM
- Swipe This! My ex-BFF keeps sliding into my DMs, but I don’t want to be friends Saturday 6:30 AM
- Watch ‘I Am Somebody’s Child: The Regina Louise Story’ for free Saturday 6:00 AM
- How to watch Barcelona vs. Real Sociedad for free Saturday 6:00 AM
- How to stream UFC Fight Night 149 for free Saturday 5:30 AM
Comcast hack reveals some Spectrum customers were open to security vulnerability
Evgeny Pavlov/Flickr (CC-BY-SA)
Following the discovery and subsequent fixing of a security flaw with Comcast‘s login portal earlier this month, it appears that Spectrum customers were also vulnerable to hacking through their internet service provider.
Security researchers Phobia and Nicholas “Convict” Ceraolo uncovered the issue, which allowed anyone to hack into Spectrum customers’ accounts without a password, BuzzFeed News reports. A customer’s IP address and a little social engineering could give hackers access to a user’s email, billing address, or phone number. (That is, with a user’s IP address, a hacker could contact customer service and glean other information about a user.) With that information, a hacker could gain additional information, such as log-in details or financial data, through an accurate-looking phishing email.
Charter acquired Time Warner in a merger in 2016, and their customers now fall under the Spectrum brand. However, customers still use the My TWC app, and a subset of pre-merger customers who lacked an access ID were vulnerable to having their MAC address stolen. The page where users could create an ID was the center of this security issue. There, a hacker could swap their IP address with the customer’s and proceed through the account verification and profile creation process, even if some information (such as the user zip code) was incorrect. Only the phone number needed to be accurate, and trial and error could eventually find the correct phone number if it wasn’t previously known.
Luckily, vulnerability doesn’t appear to have been exploited in the wild, according to Spectrum’s parent company Charter Communications. Charter Communications addressed the issue when the researchers brought it to their attention.
“We investigated and quickly implemented a fix to the vulnerability that was brought to our attention,” Charter Communications spokesperson Francois Claude told Buzzfeed News. “We continue to investigate, but at this time have no reason to believe this vulnerability was ever used beyond the security researchers who reported it to BuzzFeed.”
H/T BuzzFeed News
Christina Bonnington is a tech reporter who specializes in consumer gadgets, apps, and the trends shaping the technology industry. Her work has also appeared in Gizmodo, Wired, Refinery29, Slate, Bicycling, and Outside Magazine. She is based in the San Francisco Bay Area and has a background in electrical engineering.