Researchers outline Wi-Fi router hijacking via browser


Two security researchers have outlined how hackers can use a Web browser and a little Shockwave file to exploit most Wi-Fi routers.

Ryan Naraine interviewed two researchers, Adrian Pastor and Petko D. Petkov, at the GNUCITIZEN think tank. Their big conclusion: It's trivial to construct "a massive router botnet" using a common protocol baked into modern routers.

GNUCITIZEN provides the details in a document and FAQ. For what it's worth, I found the FAQ to be much more straightforward. In a nutshell, most routers use a protocol called Universal Plug and Play (UPnP) by default. Since UPnP can be accessed without authorization, a malicious Flash file can send UPnP messages to the router. In other words, a hacker can reconfigure the router to do what he wants, including redirects and resetting admin credentials and all settings.

The easiest solution is to disable UPnP in your router, according to GNUCITIZEN. Taken further, these flaws could create quite a bit of havoc on a municipal Wi-Fi network.


About

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN...
