Perhaps not for long.

Time Warner Cable customers who spent hundreds or thousands of dollars in security equipment and add-ons may be left with nothing but their 18-month contract as Charter Communications considers pulling the plug on Time Warner’s IntelligentHome security service.

DSL Reports appears to have the exclusive story this morning that insiders familiar with the company’s business operations are claiming IntelligentHome may be one of the first casualties of the giant merger between Charter, Time Warner Cable, and Bright House.

As Stop the Cap! reported earlier this morning, Charter executives are performing a top-to-bottom analysis looking to wring cost savings out of the merger deal. The result will likely be the elimination of anything seen as duplicating Charter Spectrum’s own suite of products and services or going beyond Charter’s philosophy of focusing on “core services.” That could be bad news for Time Warner Cable employees managing or supporting non-conforming services as well, and at least some could be headed for the unemployment office.

A strong clue the days of IntelligentHome may be numbered is word employees are now supposed to keep it a secret:

While the source states that no formal shutdown of the service has been announced, sales and service employees are being told to no longer mention the service in call conversations or presentations with customers. The source also states that “rumblings by managers” suggests the service may not be long for this world.

Should Time Warner Cable shutter the service, the insider states that could be trouble for the customers that recently shelled out significant amounts of money for IntelligentHome hardware.

“What is particularly concerning is that many customers are in 18 month contracts and have purchased hundreds or even thousands of dollars in equipment,” states the insider.

If Time Warner does shutter the service, customers will likely be released from their contracts penalty-free, but they may also be stuck with useless equipment they can’t use with another alarm system.

Cable operators have dabbled in the home security business since the 1970s, but many early attempts were scrapped after waves of consolidation orphaned a variety of incompatible technologies with new owners that had little interest in maintaining the service. The insatiable quest for higher Average Revenue Per User (ARPU) has pushed the cable industry to find more ancillary services that could boost cable bills and keep Wall Street happy. They tried music services like Music Choice and DMX, home video game services, broadband for telecommuters, and eventually returned to home security.

Time Warner Cable first launched IntelligentHome in 2011. It immediately threatened traditional home security services from companies like ADT because IntelligentHome could manage easy remote access to control home security settings, lighting, and thermostats from a computer, tablet, or smartphone. Customers upgrading to a video-capable system could even stream camera video over the Internet through a live feed. A tablet-like touchscreen control enhanced the experience with access to current weather, news, and traffic.

Icontrol manages the software platform that powers Time Warner’s IntelligentHome, along with home security services offered by a number of other cable operators.

Time Warner Cable did not develop IntelligentHome exclusively in-house. Most large cable operators rely on connected home security system software solutions powered by a platform developed by Icontrol.

Charter Communications is one of only a few cable companies that have shown no interest in selling home security services (Cablevision is another). In 2013, it dismissed any interest in getting into the business, telling Reuters it preferred to concentrate on its “core business.” Nothing seems to have changed. As of this year, the only security protection Charter offers customers is antivirus software for their computers.

An exit from IntelligentHome could also have a major impact on Time Warner Cable’s owned-and-operated CSAA 5-Diamond Rated Emergency Response Center, which answers when it detects a break-in or when a customer hits a panic button.

Most estimates put the number of customers paying for IntelligentHome at less than 100,000 nationwide, but that select group is likely to have a substantial buy-in to the service and would definitely feel its loss.

Although Time Warner Cable advertises IntelligentHome at prices starting between $35-40 a month, that doesn’t afford much protection. Customer can choose between packages of different equipment bundles that range from $99.99 to $199.99. A la carte equipment is also available. A very basic entry-level system packages a tablet-like controller with protection for only two doors or windows and one motion detector. That might be suitable for an apartment, but homeowners often upgrade to cover more potential entry points. As a result, IntelligentHome has proven a tough sell for customers already confronted by cable bills that often approach or exceed $200 a month, before the alarm service is added.

Time Warner has attempted to change the marketing of IntelligentHome to emphasize more of its home automation and monitoring features, and routinely offers a $200 gift card to entice new customers. But it may not have worked enough to interest Charter, which shows every sign it wants to simplify the cable bundle, not clutter it up with extras. The insider told DSL Reports he hoped Charter would find a way to manage existing customers and not abandon them should the service be discontinued. If not, tens of thousands of Charter customers will have bought a lot of equipment with nothing to show for it.

DSL Reports stresses no final decision has been made.

ARRIS, one of the country’s largest suppliers of cable modems, is under scrutiny after a security researcher discovered not one, but two secret “backdoors” potentially affecting more than 600,000 of the company’s installed cable modems/home gateways that could allow hackers access to a customer’s equipment and home network.

Bernardo Rodrigues published a report of the exploits on his blog, which affect ARRIS cable modem models including TG862A, TG862G, and DG860A. Rodrigues reports only ARRIS and your local cable company can fix the security problems, and neither seem to be in much of a hurry.

The ARRIS Touchstone 860, which can be identified by its model number depicted on the front lower right of the modem.

“Securing cable modems is more difficult than other embedded devices because, on most cases, you can’t choose your own device/firmware and software updates are almost entirely controlled by your ISP,” Rodrigues writes. Indeed, very few cable modems allow users to self-update their equipment with the latest firmware. To guarantee uniformity, that privilege is given exclusively to the cable company providing service, even if a customer owns their own modem outright.

“ARRIS SOHO-grade cable modems contain an undocumented library (libarris_password.so) that acts as a backdoor, allowing privileged logins using a custom password,” Rodrigues writes. “The backdoor account can be used to enable Telnet and SSH remotely via the hidden HTTP Administrative interface “http://192.168.100.1/cgi-bin/tech_support_cgi” or via custom SNMP MIBs.”

While exploring the potential security damage that backdoor could permit, Rodrigues stumbled on a second, open to additional exploitation by hackers.

“The undocumented backdoor password is based on the last five digits from the modem’s serial number,” Rodrigues wrote. “You get a full busybox shell when you log on the Telnet/SSH session using these passwords.”

ARRIS TG862

In plainer language, one or both backdoors will allow a hacker to bypass the modem’s usual security protections and provide the intruder with full remote access to the affected cable modem. Hackers have likely already identified the security lapse and have exploited it, with some suspecting access key generators are already available allowing the user to automate attempts to reach affected modems on a significant scale.

Unfortunately for consumers, neither ARRIS or cable operators appear to be rushing to update the affected firmware to eliminate the backdoors, having waited more than two months just to acknowledge Rodrigues’ report.

For now, customers using these devices exclusively as cable modems are least likely to suffer a serious security lapse. More at risk are consumers relying on these three models as both a cable modem and home gateway providing Wi-Fi access around the home. Theoretically, hackers could use one or both exploits to gain access to your home network. Consumers using one of the affected models should contact their local cable company and ask them to replace the device with an alternative, preferably from a different manufacturer.

At least one cable company reported they are working with ARRIS to correct the flawed firmware, but early efforts have not been successful. It may be prudent for some security-conscious customers not to wait.

If you are a Comcast/Xfinity customer, are you still paying for anti-virus and security tools?  If so, Comcast may be able to save you some money, assuming you value the services they bundle with your broadband subscription.

Some customers first become aware of Comcast’s Constant Guard security protection suite after receiving e-mails warning they may have been infected by a bot or other malware.  Comcast has actually been providing some form of this service to customers since 2009, but many are completely unaware of the service, which includes free anti-virus software from Norton.

Comcast’s security alert e-mails usually don’t directly identify a misbehaving computer.  Instead, the company obtains lists of compromised IP addresses from third party security vendors who track botnets and other illicit computer crime.  When a Comcast IP address can be tracked back to a customer, Comcast can send an e-mail to that customer alerting them to the possibility they are running a compromised PC.

One major problem is that recipients of these e-mail messages often suspect they are phishing messages not actually sent by the cable company, and a number of them forwarded to Gmail e-mail accounts end up in the spam folder.  But, in most cases, they are actually legitimate Comcast e-mails.

Comcast advises customers to download their Constant Guard security suite to identify and remove potential threats from their computers.  The suite is free for Comcast customers and includes:

• Norton Security Suite: Provides protection that helps guard against identity theft, viruses, hackers, spam, phishing and more. It also includes parental controls to help keep your kids safe online.
• Secure Backup & Share: Securely backup and share your valuable files, like photos. (2 GB storage included at no additional charge.  Remember the 250GB monthly usage cap!)
• Desktop Applications: The Comcast Toolbar includes anti-spyware, network-embedded anti-spam and anti-virus technologies brought to you through partnerships with Bizanga, Cloudmark®, Goodmail CertifiedEmail™, and Return Path. In addition, Comcast uses up-to-date blocklists from Spamhaus and TrendMicro to help reduce and guard against unwanted spam.
• Proactive Bot Notification: As a new feature of the Constant Guard service, Comcast may email a “Service Notice” to your Comcast email address if they believe one or more of your computers may be infected with a type of virus called a Bot. A Bot is a malicious form of software that could use your computer to send spam, host a phishing site, or steal your identity by monitoring your keystrokes.

Considering it’s free, it may be worth a try.  Comcast customers can obtain the software and additional information from the Constant Guard website.

[flv width=”640″ height=”380″]http://www.phillipdampier.com/video/Comcast Constant Guard.flv[/flv]

Comcast demonstrates Constant Guard’s password and credit card-saving features.  (4 minutes)