Suddenlink SMC8014WN Stupidity

click for larger version

Well this is interesting. I was considering becoming a reseller for Suddenlink Cable since I’ve been very pleased with their internet service. However, if you “rent” the SMC8014WN Wireless Modem/Router/AP from them – BEWARE!

Suddenlink has locked down the firmware in the SMC8014WN so that most of the typical features from any $60 router/access point from BestBuy or OfficeDepot or NewEgg – are simply not available. That’s insane.

WEP as a security measure is so broken that your (and everyone else’s) kid sister can easily circumvent it,” said computer security researcher Ralf-Philipp Weinmann, co-author of the aircrack-ptw tool that can crack WEP in minutes.

This unit is running a locked down firmware that doesn’t allow you to use anything but WEP encryption. As I’ve mentioned before, never use WEP encryption. This encryption algorithm was broken more than 10 years ago. The only exception would be legacy hardware that you simply cannot replace. In that case, you should put your legacy device on it’s own subnet separate from everything else.

You should ALWAYS USE WPA (or WPA2) encryption with a sufficiently strong passphrase. WPA + AES is currently unbroken and susceptible only to brute-force dictionary attacks, which all encryption schemes are. In other words, you can only break it by slamming a zillion password combinations at it and hoping for sheer luck.

You also can’t change the SSID. While changing or hiding the SSID does not increase security, it can make things more convenient.

Here is the best part. I called Suddenlink tech support just to make sure my findings were correct. A decent and knowledgeable tech support guy got on the phone and confirmed my findings.

Suddenlink Support: Suddenlink ships those modems with WEP to support the xBox which is WEP only. We lockdown the systems to make it easier for us to support users.

click for larger version

So I asked him simply: “Just to be clear, Suddenlink has shipped locked down devices with a broken security algorithm just to support the old xBox?”

Suddenlink guy: “Yes, that is correct.”

Hmm – maybe they haven’t heard of the DLink DGL-3420 which allows you to run WPA on the old xBox? If one of the Principal Tech Specialists at Microsoft thinks WEP is trivially crackable, maybe Suddenlink should listen?

Hmm – maybe Suddenlink should rethink their corporate policy on their users’ security? Maybe they shouldn’t send installers out who are morons and know nothing about networks nor security?

By the way, Suddenlink rapes you for $10/month until the end of your service for this piece of junk.

Solution: Purchase a Motorola Surfboard Modem and a Linksys Wireless Router. Simple. Effective. Cheaper. Safer.