300,000 routers hijacked, modified in malicious attack

By Scorpus · 9 replies
Mar 4, 2014
  1. Another malicious router attack has been uncovered by researchers, which so far has affected over 300,000 home and small-office routers from manufacturers including D-Link, TP-Link, Micronet and Tenda. Hackers have successfully compromised the routers in question and changed DNS server...

  2. Cycloid Torus

    Cycloid Torus Stone age computing. Posts: 3,000   +653

    Can anyone direct me to the best mitigation strategies? My guess is check the router & use strong password, but that I am sure is incomplete and woefully inadequate.
    wastedkill likes this.
  3. wastedkill

    wastedkill TS Evangelist Posts: 1,423   +350

    I would say use custom firmware, as then you know exactly what is being changed on the router as well as what kind of security the router will then have; plus, custom firmware like the Tomato mod seems to be doing very nicely.
  4. cartera

    cartera TS Evangelist Posts: 365   +113

    Disable remote access to the router, or use a different username and a strong password and change the access port number. Also, as wastedkill said, use custom firmware, but follow the first advice as well.
    jobeard likes this.
  5. wastedkill

    wastedkill TS Evangelist Posts: 1,423   +350

    Let's not forget to disable FTP entirely on the router as well.
    cartera likes this.
  6. tipstir

    tipstir TS Ambassador Posts: 2,472   +126

    You can always pull the ISP cord out before you go to bed. All home routers have all sorts of holes. You can disable VPN tunnel, FTP, Remote, etc.
  7. tonylukac

    tonylukac TS Evangelist Posts: 1,372   +69

    It's difficult to use anything other than default passwords when trying to repair others' routers like I do. They say this hack doesn't matter what the password is. I was never able to sign on to any of my routers remotely, nor without knowing the wifi password, so I think when worrying we should give ease of repair a chance. Very often users have no clue.
  8. cartera

    cartera TS Evangelist Posts: 365   +113

    Not sure if you missed a step; I was talking about the password to access the router's remote administration page, not the wifi password. 99% of home users do not use or need remote access. The wifi password has nothing to do with this; the hackers are likely to be on the other side of the world rather than next door.

    I agree with your last sentence though ;)
  9. wujj123456

    wujj123456 TS Enthusiast Posts: 33   +8

    Printing a random default password on the router label could work for repair, but would have much better security against remote hackers. I really hope every vendor who produces equipment could follow this rule. Or encrypt/hash the factory MAC address with some private key only the vendor knows, if keeping a database of default passwords is too expensive. (That's like image signing in our smartphones.) The techniques have been there for a long time; vendors just choose not to use them, which is really sad.
  10. Mbloof

    Mbloof TS Rookie Posts: 56   +7

    While an "alarming" sounding article, if you click through to the ACTUAL data, the report authors don't break down how many of the 300K "compromised routers" were 'attacked' via an open, internet-facing (remote) admin/config interface and/or via surfing to a rogue website which installed JavaScript that either read the stored login credentials or hacked weak or default admin passwords to gain access to the router's configuration pages on the LAN side.

    Clearly some 'social engineering' was involved to direct enough users to the rogue website which contained the Java/JavaScript code used to gain access to the routers in question.

    Moral(s): Always do extensive firewall testing of a new router before putting it in service, never ever have remote access to your router's configuration page enabled, never allow your browser to save web forms or auto-fill passwords for you, always use strong passwords, never use a router's default configuration and, last but not least: Java, JavaScript and Flash are security risks that are easily avoided, and 90%+ of the web can be used without them.

    Considering the countless millions of routers out in the 'wild', the 300K represents a very small percentage, but it is worth noting as many of the OEMs involved sell models in the US.
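The attack the article describes changed the DNS servers that compromised routers hand out, and the thread's answers focus on hardening rather than on checking whether it has already happened. The script below is an added example, not code from TechSpot or any of the posters, that audits a resolver list the way a defender would after reading this thread: it parses resolv.conf-style text (a constructed sample is embedded; on a real host you would read /etc/resolv.conf, or paste the WAN DNS addresses from the router's status page into `audit_addresses`) and classifies each resolver as a LAN address, a resolver on an owner-maintained allowlist, or an unexpected public address. The allowlist `KNOWN_GOOD_RESOLVERS` is an assumption: replace it with your ISP's resolvers or the public resolvers you chose. The LAN check uses explicit RFC 1918, loopback and link-local ranges rather than Python's `is_private`, because `is_private` also covers documentation ranges such as the one used in the sample.

```python
import ipaddress

# Constructed sample /etc/resolv.conf contents (not from any real host).
# The first resolver is the LAN gateway, the second is an allowlisted public
# resolver, the third is a documentation-range address standing in for an
# unexpected resolver such as a DNS changer would configure.
SAMPLE_RESOLV_CONF = """\
# Generated by DHCP
search home.lan
nameserver 192.168.1.1
nameserver 1.1.1.1
nameserver 203.0.113.45
"""

# Assumption: the owner's allowlist of resolvers they deliberately use.
KNOWN_GOOD_RESOLVERS = {"1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4", "9.9.9.9"}

# Ranges that can only be reached on the local network (RFC 1918, loopback,
# link-local and their IPv6 equivalents). A resolver here is the router or
# another local device, not a remote server.
LAN_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
    "::1/128", "fe80::/10", "fc00::/7",
)]


def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses from resolv.conf-style text, in order."""
    servers = []
    for line in resolv_conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if parts[0] == "nameserver" and len(parts) >= 2:
            servers.append(parts[1])
    return servers


def classify_resolver(addr, known_good=KNOWN_GOOD_RESOLVERS):
    """Classify one resolver: 'lan', 'known', 'unexpected' or 'invalid'."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    # `ip in net` is False when the IP versions differ, so mixing v4/v6 is safe.
    if any(ip in net for net in LAN_NETWORKS):
        return "lan"
    if str(ip) in known_good:
        return "known"
    return "unexpected"


def audit_addresses(addresses, known_good=KNOWN_GOOD_RESOLVERS):
    """Classify a list of resolver addresses, e.g. copied from the router's WAN DNS page."""
    return [(addr, classify_resolver(addr, known_good)) for addr in addresses]


def audit_resolv_conf(resolv_conf_text, known_good=KNOWN_GOOD_RESOLVERS):
    """Classify every nameserver found in resolv.conf-style text."""
    return audit_addresses(parse_nameservers(resolv_conf_text), known_good)


def unexpected_resolvers(resolv_conf_text, known_good=KNOWN_GOOD_RESOLVERS):
    """Return only the resolvers that are neither local nor on the allowlist."""
    return [addr for addr, kind in audit_resolv_conf(resolv_conf_text, known_good)
            if kind == "unexpected"]


if __name__ == "__main__":
    for addr, kind in audit_resolv_conf(SAMPLE_RESOLV_CONF):
        print(f"{addr:16} {kind}")
    flagged = unexpected_resolvers(SAMPLE_RESOLV_CONF)
    if flagged:
        print("WARNING: unexpected resolvers configured:", ", ".join(flagged))
```

A client that lists only its gateway as a resolver will show nothing but 'lan' here even if the router's upstream DNS was replaced, which is exactly the case the article describes; for that, take the DNS addresses from the router's own status page and pass them to `audit_addresses`. Anything classified 'unexpected' is worth comparing against what your ISP actually assigns before assuming the worst.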
