- People are not falling for these ICE ‘propaganda’ photos Today 4:23 PM
- CLIF Bar and KIND Snacks are in a bizarre social media war Today 2:55 PM
- Caillou is how tall? Today 1:32 PM
- No, that video of a Boston Dynamics robot attacking its creators is not real Today 12:40 PM
- Alex Jones places $1 million bounty on culprit who planted child porn on his InfoWars server Today 12:03 PM
- ‘Stranger Things’ star’s new Netflix prank show is receiving backlash Today 9:04 AM
- How to watch ‘City on a Hill’ for free Today 8:00 AM
- How to watch ‘Euphoria’ for free Today 7:00 AM
- Meet the home brewer turning beer into a case for net neutrality Today 6:30 AM
- How to watch the U.S. vs. Chile at the World Cup for free Today 6:15 AM
- 15 teen movies on Netflix that will make you laugh, cry, and cringe Today 6:00 AM
- How to watch Estrella TV online for free Today 5:00 AM
- People are roasting this ‘traditional’ take on marriage with a hilarious meme Saturday 5:17 PM
- The internet just collectively realized that the Neopets of the world must be hungry Saturday 4:00 PM
- Alt-right message board 8chan was served a search warrant Saturday 3:06 PM
Comcast hack reveals some Spectrum customers were open to security vulnerability
Evgeny Pavlov/Flickr (CC-BY-SA)
Following the discovery and subsequent fixing of a security flaw with Comcast‘s login portal earlier this month, it appears that Spectrum customers were also vulnerable to hacking through their internet service provider.
Security researchers Phobia and Nicholas “Convict” Ceraolo uncovered the issue, which allowed anyone to hack into Spectrum customers’ accounts without a password, BuzzFeed News reports. A customer’s IP address and a little social engineering could give hackers access to a user’s email, billing address, or phone number. (That is, with a user’s IP address, a hacker could contact customer service and glean other information about a user.) With that information, a hacker could gain additional information, such as log-in details or financial data, through an accurate-looking phishing email.
Charter acquired Time Warner in a merger in 2016, and their customers now fall under the Spectrum brand. However, customers still use the My TWC app, and a subset of pre-merger customers who lacked an access ID were vulnerable to having their MAC address stolen. The page where users could create an ID was the center of this security issue. There, a hacker could swap their IP address with the customer’s and proceed through the account verification and profile creation process, even if some information (such as the user zip code) was incorrect. Only the phone number needed to be accurate, and trial and error could eventually find the correct phone number if it wasn’t previously known.
Luckily, vulnerability doesn’t appear to have been exploited in the wild, according to Spectrum’s parent company Charter Communications. Charter Communications addressed the issue when the researchers brought it to their attention.
“We investigated and quickly implemented a fix to the vulnerability that was brought to our attention,” Charter Communications spokesperson Francois Claude told Buzzfeed News. “We continue to investigate, but at this time have no reason to believe this vulnerability was ever used beyond the security researchers who reported it to BuzzFeed.”
H/T BuzzFeed News
Christina Bonnington is a tech reporter who specializes in consumer gadgets, apps, and the trends shaping the technology industry. Her work has also appeared in Gizmodo, Wired, Refinery29, Slate, Bicycling, and Outside Magazine. She is based in the San Francisco Bay Area and has a background in electrical engineering.