”
The WPS Threat
- “….Worst of all is Wi-Fi Protected Setup (WPS), an ease-of-use feature that lets users bypass the network password and connect devices to a Wi-Fi network simply by entering an eight-digit PIN that’s printed on the router itself. Even if the network password or network name is changed, the PIN remains valid.
- “This is a huge expletive-deleted security problem,” Horowitz said. “That eight-digit number will get you into the [router] no matter what. So a plumber comes over to your house, turns the router over, takes a picture of the bottom of it, and he can now get on your network forever.”
- That eight-digit PIN isn’t even really eight digits, Horowitz explained. It’s actually seven digits, plus a final checksum digit. The first four digits are validated as one sequence and the last three as another, resulting in only 11,000 possible codes instead of 10 million.
- “If WPS is active, you can get into the router,” Horowitz said. “You just need to make 11,000 guesses” — a trivial task for most modern computers and smartphones.”
320,000 Customer Passwords Stolen From Time Warner Cable
This is hardly the first time that a major ISP’s information was breached or stolen by scammers. Just last November, Comcast had to reset the passwords of nearly 200,000 customers that were found on the black market. In this case, the incident was blamed on phishing attacks that coerced users into handing over their credentials, but what happened with Time Warner Cable isn’t so clear.
Time Warner Cable suggests that the theft occurred thanks to potential phishing attempts directed at the company, or it was the result of a data breach at other companies storing Time Warner Cable customer credentials. Either way, the fact remains that Time Warner Cable suffered a data theft, and is now paying for it with the stigma associated with lost credentials, and frustrated or simply worried customers.