Millions of routers vulnerable to hack attack - Is yours?

Summary: According to security researcher Craig Heffner, about half the existing models of home routers, including most Linksys, Dell, and Verizon, are vulnerable to being hacked.

TOPICS: Networking, Security

The hack relies on tricking people into visiting a malicious website. From that point on, the router itself can be hijacked and the poor user redirected pretty much anywhere the hacker wants them to go.

The attack uses a technique known as "DNS rebinding," something that has been around for nearly 15 years:

The hack exploits an element of the Domain Name System, or DNS, the Internet's method of converting Web page names into IP address numbers. (When you visit Google.com, for instance, a domain name server might convert that name into the IP address 72.14.204.147.) Modern browsers have safeguards that prevent sites from accessing any information that's not at their registered IP address.

But a site can have multiple IP addresses, a flexibility in the system designed to let sites balance traffic among multiple servers or provide backup options.

Heffner's trick is to create a site that lists a visitor's own IP address as one of those options. When a visitor comes to his booby-trapped site, a script runs that switches its alternate IP address--in reality the user's own IP address--and accesses the visitor's home network, potentially hijacking their browser and gaining access to their router settings.

Heffner has tested 30 routers and found about half of them to be vulnerable, through a combination of either a software flaw or a weak settings password.

Think you're safe because you use OpenDNS or the Firefox NoScript plug-in? Think again! According to Heffner, neither offers any protection.

So, what to do if your router is vulnerable? Well, check for updates, but if they're not forthcoming, buy a new one. Oh, and change those default passwords, every hacker knows them!
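
A resolver-side check for the answer pattern described above, as an added example that is not from the article or from Heffner's research: it flags a public name whose DNS answers include an internal address or the client's own WAN address. The function names, the local suffixes and the sample names and addresses are assumptions constructed for illustration (72.14.204.147 is the address the article quotes for Google.com).

```python
import ipaddress

# Ranges a public hostname should never resolve to: RFC 1918, loopback,
# link-local, and their IPv6 counterparts.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]

def classify(addr, client_wan_ip):
    """Label one answer address as 'client-wan', 'internal' or 'public'."""
    ip = ipaddress.ip_address(addr)
    if ip == ipaddress.ip_address(client_wan_ip):
        return "client-wan"   # the visitor's own address, as in the article
    if any(ip in net for net in INTERNAL_NETS):
        return "internal"
    return "public"

def check_response(qname, answers, client_wan_ip,
                   local_suffixes=(".lan", ".home.arpa")):
    """Return (verdict, offending_addresses) for one DNS response."""
    name = qname.rstrip(".").lower()
    if name.endswith(local_suffixes):
        return "allow", []    # local names may legitimately be internal
    offending = [a for a in answers if classify(a, client_wan_ip) != "public"]
    return ("block" if offending else "allow"), offending

# Constructed sample data: (query name, answer addresses).
CLIENT_WAN_IP = "203.0.113.7"
SAMPLE_RESPONSES = [
    ("google.com", ["72.14.204.147"]),
    ("router.lan", ["192.168.1.1"]),
    ("trap.example", ["198.51.100.20", "203.0.113.7"]),
    ("trap.example", ["198.51.100.20", "192.168.1.1"]),
]

def scan(responses=SAMPLE_RESPONSES, client_wan_ip=CLIENT_WAN_IP):
    """Return only the responses that should be blocked."""
    flagged = []
    for qname, answers in responses:
        verdict, offending = check_response(qname, answers, client_wan_ip)
        if verdict == "block":
            flagged.append((qname, offending))
    return flagged

if __name__ == "__main__":
    for qname, offending in scan():
        print(f"BLOCK {qname}: {', '.join(offending)}")
```

A filter limited to private ranges would pass the third sample, which is why the client's own WAN address is compared separately.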

Talkback

61 comments
  • ...requires direct access to router <whew>

    I was quite alarmed until I read this:

    "Heffner's method still requires the attacker to compromise the victim's router after gaining access to his or her network."

    So a good defense would be, to implement some common sense or "basic" security settings on the router

    "That means concerned users should make sure their router's firmware is updated and patched, and that they're not using default security settings."

    So only use WPA2, disable wireless & external admin, be cautious of any port-forwarding or application / game settings and you should be ok.
    ~doolittle~
    • WPA2 Usage CANNOT be Overemphasized

      @~doolittle~

      Not certain exactly what you mean by using WPA2 and disabling wireless as WPA2 encrypts the wireless medium (cable medium doesn't require encryption).

      People should avoid using WEP and WPA because those give a false sense of security. On my own network, I had both WPA2 AND WPA enabled, and somehow someone was able to both hack the router and crack the password. After that, I forced everyone in the house to switch to WPA2.
      nbahn
      • what he is referring to is...

        @nbahn The ability to administer the router when the connection is wireless. Theoretically, if the 'compromised' / attacked PC is connecting via wireless - disabling this setting should prevent the attack.

        HTH! -Mike
        SpikeyMike
      • Re: what he is referring to is...

        @SpikeyMike

        I understand "[t]he ability to administer the router when the connection is wireless." What I don't understand is the referral to WPA2 usage AND the disabling of the wireless medium/access point in the same sentence. One cannot use WPA2 (or, for that matter, either WPA or WEP) if the wireless medium/access point is disabled.

        Was ~doolittle~ merely being redundant in the way s/he wrote that particular sentence? I don't know; and so, that's what I'm curious about.
        nbahn
      • RE: Millions of routers vulnerable to hack attack - Is yours?

        @nbahn

        What I think he's saying is to use WPA2 security and to disable administering the router from the WAN side and from a wireless connection. You can still have wireless connections, just that any attempt to administer the router from a wireless connection would be refused. To administer the router, you would need a wired connection, so the hacker would need to either connect to your wired network, which might be a trifle noticeable, or to compromise a wired machine and then use it to attack the router.

        Pretty much makes your neighbour's router the easier target so you get left alone.
        DNSB
      • That's the beauty of living out in the country!

        @nbahn If you do use wireless (which I don't), the odds of anyone coming along and hacking you are nil to none, out in the country!

        The other things to do are quite simple:
        1. LIMIT your DHCP IP connection pool to only the number of devices you own!
        2. Use the full range of letters, numbers, symbols and yes Space characters your Router allows in your password.
        3. Use the limit of characters as well. The more the merrier in this case. Brute forcers have a limit, or at least a hacker has to have the patience of a saint to crunch your password, and in this case they don't have the time to waste going over 10 to 12 characters (I use 20)!
        4. MOST IMPORTANTLY! Disable remote access to your router and you will never get hit by this vulnerability in the first place!!!
        i2fun@...
      • RE: Millions of routers vulnerable to hack attack - Is yours?

        @nbahn he was talking about wireless admin
        bobjones2007
      • I think...

        @nbahn
        This refers to not broadcasting the SSID, keep it hidden. If they can't see it then they can't hack it, except if they KNOW the name.
        ryanstrassburg
        • reply

          @ryan this is untrue. I can think of 2 programs off the top of my head which detect hidden SSIDs: airjack, airsnort... Nothing is ever truly hidden, which is why you always want to have a strong WPA2 pass.
          Shane Andrews
  • RE: Millions of routers vulnerable to hack attack - Is yours?

    so if I have a good pwd on my router, I'm safe?
    gtvr
    • RE: Millions of routers vulnerable to hack attack - Is yours?

      @gtvr

      No, read the article.
      Qbt
  • RE: Millions of routers vulnerable to hack attack - Is yours?

    Download the open-source router program DD-WRT for your Linksys. Go to http://www.DD-WRT.com and see if your router is compatible for this upgrade. It's a whole new interface for the Linksys routers.
    Maarek
    • *-WRT

      @Maarek

      OpenWRT is listed as vulnerable. Is that different from DD-WRT? I am running Linksys WRT54G v3 (vulnerable with Linksys firmware) with DD-WRT. My PW is NOT the default. I feel safe. Is that justified?
      Economister
      • DD-WRT and OpenWRT are not the same.

        @Economister

        They might do the same sorts of things but they are different. They may share some code, so I wouldn't swear that they don't have the same vulnerability though.

        As long as your password is sufficiently strong, you're justified in feeling reasonably safe from having your router compromised.
        Letophoro
      • DD-WRT and PFSense also vulnerable

        @Economister
        DD-WRT v24 was also mentioned as vulnerable to this exploit as was PFSense 1.2.3-RC3. However, I would expect that there will be patched versions very soon for many of the exploitable software routers as they are very popular, widely used and are usually very secure and up to date. Keep an eye out for newer releases and patches.
        james.graham@...
      • RE: Millions of routers vulnerable to hack attack - Is yours?

        @james.graham... - DD-WRT v24 didn't make you change the admin password; one of the changes made in v24 SP1 was being required to change the admin password the first time you access the menus. That was over a year ago... not sure if they've released v24 SP2 yet, or not. It still said 'PRE-SP2' the last time I looked at new builds... brainslayer seems to concentrate on different brands than Eko does, and I don't know how (or even if) they reconcile the differences in their coding when a new version is officially released.
        Darr247
  • This can't be true ...

    ... I mean, it's well known that Linux and Unix have no known bugs because all their source is published and thoroughly scanned and vetted by the community, right?

    Right.
    de-void-21165590650301806002836337787023
    • And where did you hear this?

      @de-void :
      First, this news has nothing to do with Linux.

      Second, Where did you hear that there are no bugs? I am sure it wasn't from an open-source source.
      rarsa
      • it's sarcasm

        @rarsa
        KBot
      • RE: Millions of routers vulnerable to hack attack - Is yours?

        rarsa said: "First, this news has nothing to do with Linux."

        Uh, yes it does. Perhaps you don't know that some of these routers run Linux. DD-WRT, Open-WRT and Tomato are nothing but Linux with a web GUI.

        But this isn't a Windows or a Linux flaw. It's a flaw in DNS.
        KodiacZiller