Millions of routers vulnerable to hack attack - Is yours?
Summary: According to security researcher Craig Heffner, about half the existing models of home routers, including most Linksys, Dell, and Verizon, are vulnerable to being hacked.
The hack relies on tricking people into visiting a malicious website. From that point on, the router itself can be hijacked and the poor user redirected pretty much anywhere the hacker wants them to go.
The attack uses a technique known as "DNS rebinding," something that has been around for nearly 15 years:
The hack exploits an element of the Domain Name System, or DNS, the Internet's method of converting Web page names into IP address numbers. (When you visit Google.com, for instance, a domain name server might convert that name into the IP address 72.14.204.147.) Modern browsers have safeguards that prevent sites from accessing any information that's not at their registered IP address. But a site can have multiple IP addresses, a flexibility in the system designed to let sites balance traffic among multiple servers or provide backup options.
Heffner's trick is to create a site that lists a visitor's own IP address as one of those options. When a visitor comes to his booby-trapped site, a script runs that switches its alternate IP address--in reality the user's own IP address--and accesses the visitor's home network, potentially hijacking their browser and gaining access to their router settings.
Heffner has tested 30 routers and found about half of them to be vulnerable, through either a software flaw or a weak settings password.
Think you're safe because you use OpenDNS or the Firefox NoScript plug-in? Think again! According to Heffner, this doesn't offer any protection.
So, what to do if your router is vulnerable? Well, check for updates, but if they're not forthcoming, buy a new one. Oh, and change those default passwords; every hacker knows them!
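A defensive sketch of two checks commonly used against the rebinding described above, added here as an example and not taken from the article or from Heffner's work: a resolver-side filter that drops answers pointing into the local network or at the network's own address, and a router-side check of the HTTP Host header, which in a rebinding attempt still carries the attacker's site name. All addresses, hostnames and function names are constructed for illustration.

```python
import ipaddress

# Ranges a public hostname has no business resolving to (RFC 1918, loopback,
# link-local, and their IPv6 counterparts).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def rebinds_to_local(addr, own_addresses=()):
    """True if a DNS answer points into the LAN or at one of our own addresses."""
    ip = ipaddress.ip_address(addr)
    own = {ipaddress.ip_address(a) for a in own_addresses}
    return ip in own or any(ip in net for net in LOCAL_NETS)

def filter_answers(answers, own_addresses=()):
    """Split a public name's A/AAAA answers into (kept, dropped)."""
    kept, dropped = [], []
    for a in answers:
        (dropped if rebinds_to_local(a, own_addresses) else kept).append(a)
    return kept, dropped

def host_allowed(host_header, allowed_hosts):
    """Router-side check: serve the admin UI only if Host names the router itself."""
    host = host_header.strip().lower()
    if host.startswith("["):             # IPv6 literal such as [fe80::1]:8080
        host = host[1:host.find("]")]
    elif host.count(":") == 1:           # name:port or IPv4:port
        host = host.split(":")[0]
    return host.rstrip(".") in allowed_hosts

# Constructed sample: answers returned for a hypothetical public site, where
# 203.0.113.7 stands in for the home network's own WAN address.
WAN = "203.0.113.7"
ANSWERS = ["198.51.100.20", WAN, "192.168.1.1"]
ROUTER_NAMES = {"192.168.1.1", "router.lan"}

if __name__ == "__main__":
    # A filter that only knows the private ranges lets the WAN address through.
    print("ranges only :", filter_answers(ANSWERS))
    print("ranges + own:", filter_answers(ANSWERS, own_addresses=[WAN]))
    for h in ("attacker.example", "192.168.1.1:8080", "router.lan"):
        print(h, "->", "serve" if host_allowed(h, ROUTER_NAMES) else "reject")
```

The first call shows why a filter limited to private ranges is not enough when the rebound address is the visitor's own address, as the article describes: that answer is only dropped once the filter is told which addresses belong to the network.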
Talkback
...requires direct access to router <whew>
"Heffner's method still requires the attacker to compromise the victim's router after gaining access to his or her network."
So a good defense would be to implement some common sense or "basic" security settings on the router.
"That means concerned users should make sure their router's firmware is updated and patched, and that they're not using default security settings."
So only use WPA2, disable wireless & external admin, be cautious of any port-forwarding or application / game settings and you should be ok.
WPA2 Usage CANNOT be Overemphasized
Not certain exactly what you mean by using WPA2 and disabling wireless as WPA2 encrypts the wireless medium (cable medium doesn't require encryption).
People should avoid using WEP and WPA because those give a false sense of security. On my own network, I had both WPA2 AND WPA enabled, and somehow someone was able to both hack the router and crack the password. After that, I forced everyone in the house to switch to WPA2.
what he is referring to is...
HTH! -Mike
Re: what he is referring to is...
I understand "[t]he ability to administer the router when the connection is wireless." What I don't understand is the reference to WPA2 usage AND the disabling of the wireless medium/access point in the same sentence. One cannot use WPA2 (or, for that matter, either WPA or WEP) if the wireless medium/access point is disabled.
Was ~doolittle~ merely being redundant in the way s/he wrote that particular sentence? I don't know; and so, that's what I'm curious about.
RE: Millions of routers vulnerable to hack attack - Is yours?
What I think he's saying is to use WPA2 security and to disable administering the router from the WAN side and from a wireless connection. You can still have wireless connections, just that any attempt to administer the router from a wireless connection would be refused. To administer the router, you would need a wired connection, so the hacker would need to either connect to your wired network, which might be a trifle noticeable, or to compromise a wired machine and then use it to attack the router.
Pretty much makes your neighbour's router the easier target so you get left alone.
That's the beauty of living out in the country!
The other things to do are quite simple:
1. LIMIT your DHCP IP connection pool to only the number of devices you own!
2. Use the full range of letters, numbers, symbols and yes Space characters your Router allows in your password.
3. Use the limit of characters as well. The more the merrier in this case. Brute forcers have a limit, or at least a hacker has to have the patience of a saint to crunch your password, and in this case they don't have the time to waste going over 10 to 12 characters (I use 20)!
4. MOST IMPORTANTLY! Disable remote access to your router and you will never get hit by this vulnerability in the first place!!!
RE: Millions of routers vulnerable to hack attack - Is yours?
I think...
This refers to not broadcasting the SSID, keep it hidden. If they can't see it then they can't hack it, except if they KNOW the name.
RE: Millions of routers vulnerable to hack attack - Is yours?
No, read the article.
RE: Millions of routers vulnerable to hack attack - Is yours?
*-WRT
OpenWRT is listed as vulnerable. Is that different from DD-WRT? I am running Linksys WRT54G v3 (vulnerable with Linksys firmware) with DD-WRT. My PW is NOT the default. I feel safe. Is that justified?
DD-WRT and OpenWRT are not the same.
As long as your password is sufficiently strong, you're justified in feeling reasonably safe from having your router compromised.
DD-WRT and PFSense also vulnerable
DD-WRT v24 was also mentioned as vulnerable to this exploit as was PFSense 1.2.3-RC3. However, I would expect that there will be patched versions very soon for many of the exploitable software routers as they are very popular, widely used and are usually very secure and up to date. Keep an eye out for newer releases and patches.
RE: Millions of routers vulnerable to hack attack - Is yours?
This can't be true ...
Right.
And where did you hear this?
First, this news has nothing to do with Linux.
Second, Where did you hear that there are no bugs? I am sure it wasn't from an open-source source.
It's sarcasm.
RE: Millions of routers vulnerable to hack attack - Is yours?
But this isn't a Windows or a Linux flaw. It's a flaw in DNS.
RE: Millions of routers vulnerable to hack attack - Is yours?
I think you'll find that Linksys, DLink, Buffalo, et al use Linux to drive their routers.
So, how could this possibly have happened? How could there possibly be a flaw in Linux's implementation of DNS? I mean ... the source is right there for you to see!!! How could the OSS world not have seen and identified this flaw long ago? HOW HOW HOW????
And perhaps more interestingly, HOW is the fix for this issue going to be distributed and downloaded to all the affected routers in the world?