Posted on 07/16/2010 9:38:35 AM PDT by ShadowAce
The upcoming Black Hat security conference in Las Vegas offers an annual parade of security researchers revealing new ways to break various elements of the Internet. But few of the talks have titles quite as alarming as one on this year's schedule: "How to Hack Millions of Routers."
Craig Heffner, a researcher with Maryland-based security consultancy Seismic, plans to release a software tool at the conference later this month that he says could be used on about half the existing models of home routers, including most Linksys, Dell, and Verizon Fios or DSL versions. Users who connect to the Internet through those devices and are tricked into visiting a page that an attacker has set up with Heffner's exploit could have their router hijacked and used to steal information or redirect the user's browsing.
Heffner's attack is a variation on a technique known as "DNS rebinding," a trick that's been discussed for close to 15 years. "There have been plenty of patches over the years, but this still hasn't really been fixed," he says.
The hack exploits an element of the Domain Name System, or DNS, the Internet's method of converting Web page names into IP address numbers. (When you visit Google.com, for instance, a domain name server might convert that name into the IP address 72.14.204.147.) Modern browsers have safeguards that prevent sites from accessing any information that's not at their registered IP address.
But a site can have multiple IP addresses, a flexibility in the system designed to let sites balance traffic among multiple servers or provide backup options.
Heffner's trick is to create a site that lists a visitor's own IP address as one of those options.
< snip >
Potential fixes implemented in the free DNS replacement OpenDNS and the Firefox NoScript plug-in won't prevent his exploit, Heffner adds.
(Excerpt) Read more at blogs.forbes.com ...
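Added example, not part of the Forbes excerpt or of Heffner's tool: a resolver-side screen over the A records in a DNS answer, showing why a filter that only rejects internal-range addresses passes an answer that lists the visitor's own public address. The addresses are constructed documentation values, and the idea that the resolver knows the querying client's public address is an assumption of this example.

```python
import ipaddress

# Ranges an internal-address rebinding filter refuses in answers for public
# names (RFC 1918, loopback, link-local). Listed explicitly so that the
# documentation addresses used below are treated as ordinary public ones.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def flag_answers(answers, client_wan_ip=None):
    """Return {address: reason} for A records that should be dropped.

    client_wan_ip is the querying client's own public address as seen by
    the resolver (assumed available); None models a filter that only
    knows about internal ranges.
    """
    wan = ipaddress.ip_address(client_wan_ip) if client_wan_ip else None
    flagged = {}
    for addr in answers:
        ip = ipaddress.ip_address(addr)
        if any(ip in net for net in INTERNAL_NETS):
            flagged[addr] = "internal range"
        elif wan is not None and ip == wan:
            flagged[addr] = "client's own public address"
    return flagged


# Constructed sample data: one visitor and two multi-address answers.
CLIENT_WAN = "198.51.100.23"
CLASSIC = ["203.0.113.10", "192.168.1.1"]    # site plus a private address
VARIANT = ["203.0.113.10", "198.51.100.23"]  # site plus the visitor's own IP


def demo():
    return {
        "classic, internal-only filter": flag_answers(CLASSIC),
        "variant, internal-only filter": flag_answers(VARIANT),
        "variant, with own-address check": flag_answers(VARIANT, CLIENT_WAN),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result or 'nothing flagged'}")
```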
It would take a little extra effort on the part of Linksys and others, but home routers should come out of the box with encryption enabled and the password set as the serial number of the unit.
Leaving encryption off and having the admin password as “Linksys” or whatever is just asking to be hacked.
Here is the key passage:
“But that can be accomplished by using a vulnerability in the device’s software or by simply trying the default login password. Only a tiny fraction of users actually change their router’s login settings, says Heffner. ‘Routers are usually poorly configured and have vulnerabilities,’ he says. ‘So the trick isn’t how to exploit the router. It’s how to get access to it.’”
So what is your router’s password? If it’s ‘test123’, maybe you should change it to ‘d13fU??’ or something like that.
I use DD-WRT on my Linksys. According to the article and the forums at dd-wrt.com, this software IS potentially vulnerable.
Bottom line though is that if you have a good router password, you should be OK.
Not an issue, as the article says, use OpenDNS.
Just go into your router’s configuration and unselect the “DNS from DHCP” setting and manually put in the OpenDNS IP addresses.
I’ve been using OpenDNS for months now and it’s much faster than Comcast’s DNS.
Just had to replace my DSL modem/router. Got an ATT modem and a Linksys router. Both had to use the ser # to set them up. Then you can set up any password you want. Of course, if someone uses their child's name then they are the ones vulnerable.
You say that like it's a bad thing.
I gotta go change some passwords...
bump to the top
Good call, Shadow! I’ve been a DD-WRT adherent since their inception. I love their firmware on my Linksys router, and it works exceptionally well on the old NetGear wireless router my old ISP gave me (after some minor hardware tweaks).
The login settings being left as-is boggles my mind. I was in the mountains of N. Georgia recently and could get into three different routers with just admin/admin or root/user. Some folks just set the SSID and forget about any other security.
or 1234 or the ever popular 'password'
SA, You’re one of the brightest Freepers in tech so here’s a question...
I bring my laptop to work (Dell 2009 XP SP3 Inspiron) and I point the mouse to the bars of the wifi and it gives me the ‘address’ as 192.168.1.74.
Obviously under whatismyipaddress.com, it’s a different #...
Now I bring it home, point the mouse at the bars and it gives me the same ‘address’ 192.168.1.74, but my IP address is obviously different from the office...
Is this normal?
192.168.x.y are considered reserved for private networks and not for the internet at large. So your work (and home) routers are assigning that address to your computer for those networks. The external-facing connection, though, has two addresses--one for the outside, and one for the inside (192.168.x.y). The outside-facing connection is the one being reported by whatismyipaddress.com.
Thank you very much... I thought you didn’t answer because the question was beneath you LOL.
BTW, I asked my co-worker who also brings his laptop (a Macbook Pro) and his address while at work (same as mine) is 192.168.1.10, which is close to mine. We were both stumped. We asked our arrogant “IT” guy and he dodged the question.
heh--nah. It took me that long because I'm usually off the net at the time you posted it. No problems...