Your home Internet router might be vulnerable to attack by hackers and open up your local network and its traffic to remote hackers. Devices from Linksys, Asus, Belkin, Dell and Thomson brand names are affected, says Craig Heffner, a researcher at Maryland-based security consultancy Seismic. Heffner is scheduled to present his research at Black Hat later this month and release a proof-of-concept tool to demonstrate the problem.
Provocatively titled "How to Hack Millions of Routers," Heffner says what he will present involves bringing together a number of known attack methods rather than a completely new form of attack. Essentially, via an attack known as DNS rebinding, the victim's web browser is tricked to allow access to its home network, potentially allowing access into his own Internet router from the inside.
The common use of default passwords or actual security flaws in the front ends of these devices mean that crucial configurations could often be changed without the victim's knowledge. For one, reconfiguring the router to forward all DNS lookups via a malicious server could mean that all traffic could be thus redirected and intercepted.
Heffner is not impressed that browser writers and router manufacturers have yet to address the well-known problems that allows his attack to succeed. He thinks that his releasing of a proof-of-concept tool is the only way to force their hands. For now,
For more on this story:
- check out the article at Forbes Blogs
- check out the article at Ars Technica
- check out the article at Network World
0 Visitor Reactions & Comments: