Home › News › Security
Millions of routers vulnerable to web attack
By visiting a maliciously crafted website, vulnerable routers can be tricked into giving up a visitor's IP address as if it were a secondary IP address for that site. This in turn allows the router's administrative front-end to be compromised, enabling hackers to gather information from the router, monitor traffic, and access machines on the victim's network. Though these router front-ends are normally password-protected, most people don't bother changing the default passwords, and even when they do, security flaws within the front-end may allow the password to be bypassed anyway.
Modern browsers offer some level of protection against such attacks, but not with this particular scenario -- for reasons that are due to be explained at the Black Hat conference. The researchers claim these vulnerabilities have been known for a while, which is why they've announced plans to release a proof-of-concept tool that will facilitate such attacks, with hopes that browser writers and router vendors will finally come around fixing the issue.
A list of vulnerable routers tested so far can be found here -- the last column indicates whether the specific router listed is prone to this sort of attack or not. While we wait for more details to become available, Notebooks.com lists some possible workarounds such as updating your router's firmware and using strong passwords.
Related Stories
User Comments (14)
Post a comment|
posermobile89
on July 21, 2010 1:28 PM |
Does anybody if DD-WRT is vulnerable? I flashed my router with that awhile back... |
|
Guest
on July 21, 2010 1:36 PM |
same boat here. |
|
Jos
on July 21, 2010 1:47 PM |
@posermobile89, DD-WRT v24 is vulnerable. As mentioned on the last paragraph, a list of vulnerable routers tested so far can be found at [link] |
|
JMMD
on July 21, 2010 1:49 PM |
I've been seeing this info for a while but I have yet to see any router manufacturers respond. From my experience, they don't really keep up with firmware updates once the router is a few years old. Even current models haven't had regular updates. |
|
posermobile89
on July 21, 2010 1:55 PM |
@Jos, Thanks. I opened the link, but i missed that one. I was hoping for protection with that :/ |
|
jobeard
on July 21, 2010 2:35 PM |
ALL routers are susceptible *IF* the admin password has been left in the default settings |
|
Vrmithrax
on July 21, 2010 3:06 PM |
From what I read elsewhere, DD-WRT is only really vulnerable in the case of hacked or guessed admin passwords. The recent builds don't seem to have the vulnerability that will let people get around the admin login. And, quite honestly, if you have left the default password on your router, you've been asking to get hacked since day 1. It's basic security 101, change all of the defaults: router name (SSID), password, IP Address (if you can), etc. |
|
jobeard
on July 21, 2010 3:11 PM |
For obvious reasons, I'll not disclose the technical HOW-TO, but using the default login and a trivial piece of web-client-side programming, it is possible to entirely reload even the firmware of 99% of the current routers available. The issue is, as already said if you have left the default password on your router, you've been asking to get hacked since day 1. you're on the ragged edge with the default configuration.
|
|
treetops
on July 21, 2010 11:05 PM |
Looks like my old routers on there but my new one is not, they all thought I was crazy to add my own password to my router, but whos laughing now?!!!?!! |
|
Zeromus
on July 22, 2010 5:25 PM |
I hear there's a virus that can make the router push it's reset button! Oh the horror! |
|
Guest
on July 25, 2010 3:17 PM |
Does any one know if a netgear CG814GCMR is vulnerable? |
|
jobeard
on July 25, 2010 10:47 PM |
Does any one know if a netgear CG814GCMR is vulnerable? see #9 above |
|
Leeky
on July 26, 2010 4:00 AM |
Do people really keep the default password on there router?!? First thing I do is change the default password to a 16 digit hexadecimal one using a password generator. Second thing is to uncheck allow remote login, so you need to be physically connected by ethernet cable to even login with the correct details. Then my SSID is changed, and a stupidly long hexadecimal password is used, with WPA PSK security. then my SSID is hidden, so it doesn't broadcast itself. I also change the password every other month. At least if someone is trying to hack it it'll probably take long to brute force it than the password is live! Then to top it all off, connections are granted by MAC address, so only computers in the whitelist can connect to the router. Its an **** updating everything every other month, but I refuse to have anyone use my 50mb connection or have access to my files once in the router. One thing I don't ever do is use the windows Automatic connection wizard thing by pressing the button on the side of my router... I did it once and 3 of my neighbours wireless computers connected to my network! I'm using a D-Link DIR-615 with wwrt firmware... So I hope its safe or I'll be changing it! |
|
jobeard
on July 26, 2010 10:11 AM |
You're spot on - - be procative and take control
Do people really keep the default password on there router?!? ! sadly, yes especially non-wifi users as the devices require no configuration to become accessible and the instructions do not suggest the need to change anything (but do users read them at all :sigh: ) |
Most Popular
| Trending | Featured |
-
iOS 5.1.1 untethered jailbreak tool released, supports 4S, iPad 3
-
After five days, Facebook ranks as worst IPO flop of the decade
-
Rumor: Windows 8 RC will launch June 1, will ship with Adobe Flash
-
Rumor: AMD "Piledriver" FX CPU production to begin Q3 2012
-
Is Apple's USB wall adapter really worth $29?
Editors' Keyboard Picks
Subscribe to TechSpot
Get free exclusive content, learn about new features and tech breaking news.
