A researcher plans to launch a hacking tool that will break into millions of home networks. Oh, and have a nice day while you're at it.
Now here's something to be worried about: according to a report first published by Forbes, a researcher from Maryland-based security consultancy Seismic plans to release a software tool that will hack into millions of routers used on home networks. The tool is expected to be made available during the upcoming Black Hat security conference in Las Vegas, and will have the ability to hack into routers manufactured by Linksys, Dell, Verizon (Fios, DSL) and more.
Apparently the tool uses a variation on a technique known as "DNS rebinding." It takes advantage of an age-old problem with the DNS system where websites balance traffic by offloading visitors to additional IP addresses. "There have been plenty of patches over the years, but this still hasn't really been fixed," said Craig Heffner, the researcher behind the hacking tool.
Heffner's tool works something like this: web surfers are tricked into visiting a website that contains a special script. This script changes the DNS of the website and instead uses the DNS of the visitor, granting the hacker access to the user's home network. The hacker could then hijack the browser and access the router's settings.
Current browsers have safeguards that prevent hackers from performing the DNS rebinding trick. However, Heffner has found a way around those roadblocks, and apparently it wasn't a difficult task. "The way that [those patches] are circumvented is actually fairly well known," Heffner said. "It just hasn't been put together like this before."
Could your router be one of the models susceptible to Heffner's attack? Find out by locating your model on this list. Out of 30 models he tested, Heffner said that about half were vulnerable.
The good news here is that his method of attack requires the hacker to compromise the victim's router after gaining access to the home network. One of the best ways to keep hackers out of the router is to change the default login password, and keep the firmware up-to-date.
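Alongside those router-hardening steps, the rebinding pattern described above can be watched for in DNS resolver logs. The following is an added example, not code from the article or from Heffner's tool: it flags an outside hostname whose answer lands on an internal address or on the querying client's own address. The log layout, the `window_s` parameter, and all names and addresses are constructed assumptions.

```python
import ipaddress

# Address ranges treated as "inside the home network" (RFC 1918, loopback, link-local).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample log: (timestamp_s, client_public_ip, queried_name, answer_ip)
SAMPLE_LOG = [
    (0,  "203.0.113.7", "news.example.",   "198.51.100.20"),
    (5,  "203.0.113.7", "rebind.example.", "198.51.100.66"),
    (9,  "203.0.113.7", "rebind.example.", "192.168.1.1"),    # flips to router LAN address
    (12, "203.0.113.7", "other.example.",  "203.0.113.7"),    # points back at the visitor
    (20, "203.0.113.7", "cdn.example.",    "198.51.100.30"),
    (25, "203.0.113.7", "cdn.example.",    "198.51.100.31"),  # ordinary load balancing
]

def is_internal(answer, client_ip):
    """True if the answer is an internal address or the client's own address."""
    ip = ipaddress.ip_address(answer)
    if ip == ipaddress.ip_address(client_ip):
        return True
    return any(ip in net for net in INTERNAL_NETS)

def find_rebinding(log, window_s=60):
    """Return (name, answer, reason) for each suspicious answer to an outside name.

    reason is "flip" when the same client saw an external answer for that name
    within window_s seconds beforehand, otherwise "internal-answer".
    """
    last_external = {}  # (client, name) -> timestamp of last external answer
    alerts = []
    for ts, client, name, answer in sorted(log):
        key = (client, name)
        if is_internal(answer, client):
            prev = last_external.get(key)
            flipped = prev is not None and ts - prev <= window_s
            alerts.append((name, answer, "flip" if flipped else "internal-answer"))
        else:
            last_external[key] = ts
    return alerts

if __name__ == "__main__":
    for alert in find_rebinding(SAMPLE_LOG):
        print(alert)
```

A name that merely rotates between several external addresses, as `cdn.example.` does in the sample, produces no alert.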
Still, why make this hacking tool available for the public? Why would any "researcher" put millions of users at risk of hijacking and data theft? Simple. To draw attention and (finally) get the problem fixed.
"I’m not the first to give a Black Hat talk on DNS rebinding, and I won’t be last," he said. "Everyone has had ample time to fix this."