Millions of routers vulnerable to web attack

By on July 21, 2010, 1:02 PM
An upcoming presentation at the Black Hat security conference later this month will reportedly demonstrate how millions of household routers, from popular brands such as Netgear, Linksys, and Belkin, suffer from a vulnerability that allows hackers to intercept and redirect traffic as well as access computers on a local network. The flaw was discovered by Maryland-based security consultancy Seismic and exploiting it involves an old a technique called DNS rebinding.

By visiting a maliciously crafted website, vulnerable routers can be tricked into giving up a visitor's IP address as if it were a secondary IP address for that site. This in turn allows the router's administrative front-end to be compromised, enabling hackers to gather information from the router, monitor traffic, and access machines on the victim's network. Though these router front-ends are normally password-protected, most people don't bother changing the default passwords, and even when they do, security flaws within the front-end may allow the password to be bypassed anyway.

Modern browsers offer some level of protection against such attacks, but not with this particular scenario -- for reasons that are due to be explained at the Black Hat conference. The researchers claim these vulnerabilities have been known for a while, which is why they've announced plans to release a proof-of-concept tool that will facilitate such attacks, with hopes that browser writers and router vendors will finally come around fixing the issue.

A list of vulnerable routers tested so far can be found here -- the last column indicates whether the specific router listed is prone to this sort of attack or not. While we wait for more details to become available, lists some possible workarounds such as updating your router's firmware and using strong passwords.

User Comments: 14

Got something to say? Post a comment
posermobile89 said:

Does anybody if DD-WRT is vulnerable? I flashed my router with that awhile back...

Guest said:

same boat here.

Jos Jos said:

@posermobile89, DD-WRT v24 is vulnerable. As mentioned on the last paragraph, a list of vulnerable routers tested so far can be found at [link]

JMMD JMMD, TechSpot Chancellor, said:

I've been seeing this info for a while but I have yet to see any router manufacturers respond. From my experience, they don't really keep up with firmware updates once the router is a few years old. Even current models haven't had regular updates.

posermobile89 said:

@Jos, Thanks. I opened the link, but i missed that one. I was hoping for protection with that :/

jobeard jobeard, TS Ambassador, said:

ALL routers are susceptible *IF* the admin password has been left in the default settings

Vrmithrax Vrmithrax, TechSpot Paladin, said:

From what I read elsewhere, DD-WRT is only really vulnerable in the case of hacked or guessed admin passwords. The recent builds don't seem to have the vulnerability that will let people get around the admin login.

And, quite honestly, if you have left the default password on your router, you've been asking to get hacked since day 1. It's basic security 101, change all of the defaults: router name (SSID), password, IP Address (if you can), etc.

jobeard jobeard, TS Ambassador, said:

For obvious reasons, I'll not disclose the technical HOW-TO, but using the default login and

a trivial piece of web-client-side programming, it is possible to entirely reload even the firmware of 99% of the current routers available.

The issue is, as already said

if you have left the default password on your router, you've been asking to get hacked since day 1.
you're on the ragged edge with the default configuration.

treetops treetops said:

Looks like my old routers on there but my new one is not, they all thought I was crazy to add my own password to my router, but whos laughing now?!!!?!!

Zeromus said:

I hear there's a virus that can make the router push it's reset button! Oh the horror!

Guest said:

Does any one know if a netgear CG814GCMR is vulnerable?

jobeard jobeard, TS Ambassador, said:

Does any one know if a netgear CG814GCMR is vulnerable?

see #9 above

Leeky Leeky said:

Do people really keep the default password on there router?!?

First thing I do is change the default password to a 16 digit hexadecimal one using a password generator. Second thing is to uncheck allow remote login, so you need to be physically connected by ethernet cable to even login with the correct details.

Then my SSID is changed, and a stupidly long hexadecimal password is used, with WPA PSK security. then my SSID is hidden, so it doesn't broadcast itself.

I also change the password every other month. At least if someone is trying to hack it it'll probably take long to brute force it than the password is live!

Then to top it all off, connections are granted by MAC address, so only computers in the whitelist can connect to the router.

Its an **** updating everything every other month, but I refuse to have anyone use my 50mb connection or have access to my files once in the router.

One thing I don't ever do is use the windows Automatic connection wizard thing by pressing the button on the side of my router... I did it once and 3 of my neighbours wireless computers connected to my network!

I'm using a D-Link DIR-615 with wwrt firmware... So I hope its safe or I'll be changing it!

jobeard jobeard, TS Ambassador, said:

You're spot on - - be procative and take control

Do people really keep the default password on there router?!? !
sadly, yes especially non-wifi users as the devices require no configuration to become

accessible and the instructions do not suggest the need to change anything (but do users read them at all :sigh: )

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.