
Millions of Home Routers Will Soon Be Hacked

3:50 PM - July 21, 2010 - By Kevin Parrish - Source : Tom's Guide US

A researcher plans to launch a hacking tool that will break into millions of home networks. Oh, and have a nice day while you're at it.

Now here's something to be worried about: according to a report first published by Forbes, a researcher from Maryland-based security consultancy Seismic plans to release a software tool that will hack into millions of routers used on home networks. The tool is expected to be made available during the upcoming Black Hat security conference in Las Vegas, and will have the ability to hack into routers manufactured by Linksys, Dell, Verizon (Fios, DSL) and more.

Apparently the tool uses a variation on a technique known as "DNS rebinding." It takes advantage of an age-old problem with the DNS system where websites balance traffic by offloading visitors to additional IP addresses. "There have been plenty of patches over the years, but this still hasn't really been fixed," said Craig Heffner, the researcher behind the hacking tool.

Heffner's tool works something like this: web surfers are tricked into visiting a website that contains a special script. This script changes the DNS of the website and instead uses the DNS of the visitor, granting the hacker access to the user's home network. The hacker could then hijack the browser and access the router's settings.

Current browsers have safeguards that prevent hackers from performing the DNS rebinding trick. However, Heffner has found a way around those roadblocks, and apparently it wasn't a difficult task. "The way that [those patches] are circumvented is actually fairly well known," Heffner said. "It just hasn't been put together like this before."

Could your router be one of the models susceptible to Heffner's attack? Find out by locating your model on this list. Out of 30 models he tested, Heffner said that about half were vulnerable.

The good news here is that his method of attack requires the hacker to compromise the victim's router after gaining access to the home network. One of the best ways to keep hackers out of the router is to change the default login password, and keep the firmware up-to-date.
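A resolver-side check for the rebinding pattern described above, as an added example that is not from the article or from Heffner's tool: it flags a public hostname whose DNS answers point into the home network. The log format, the hostnames, the local suffix list and the `own_wan_ip` parameter (the network's own public address, treated here as internal on the assumption that the router's admin interface may answer there too) are constructed for illustration.

```python
import ipaddress

# Constructed sample resolver log (not real traffic):
# "<epoch> <client> <qname> <ttl> <answer>[,<answer>...]"
SAMPLE_LOG = """\
1279741800 192.168.1.23 news.example.org 3600 93.184.216.34
1279741805 192.168.1.23 a1b2.rebind.example.net 1 203.0.113.50
1279741807 192.168.1.23 a1b2.rebind.example.net 1 192.168.1.1
1279741900 192.168.1.40 c3d4.rebind.example.net 1 203.0.113.50,198.51.100.7
1279741950 192.168.1.40 printer.lan 300 192.168.1.60
"""

# Address space a public hostname should never resolve into.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
LOCAL_SUFFIXES = (".lan", ".local", ".home.arpa")  # assumed internal-only zones


def is_internal(ip, own_wan_ip):
    addr = ipaddress.ip_address(ip)
    return addr == own_wan_ip or any(addr in net for net in INTERNAL_NETS)


def find_rebinding(log_text, own_wan_ip):
    """Return (qname, client, internal_ip, reason) for each suspicious answer."""
    own = ipaddress.ip_address(own_wan_ip)
    seen_public = set()  # names that have already resolved to an outside address
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        _ts, client, qname, _ttl, answers = parts
        if qname.endswith(LOCAL_SUFFIXES):
            continue  # internal names are expected to have internal answers
        ips = answers.split(",")
        inside = [ip for ip in ips if is_internal(ip, own)]
        outside = [ip for ip in ips if not is_internal(ip, own)]
        if inside:
            if outside:
                reason = "mixed public/internal answer set"
            elif qname in seen_public:
                reason = "rebound after public answer"
            else:
                reason = "internal-only answer for public name"
            alerts.append((qname, client, inside[0], reason))
        if outside:
            seen_public.add(qname)
    return alerts
```

Calling `find_rebinding(SAMPLE_LOG, "198.51.100.7")` returns two alerts, one for the name that flips from a public address to 192.168.1.1 and one for the answer set that mixes a public address with the network's own WAN address.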

Still, why make this hacking tool available for the public? Why would any "researcher" put millions of users at risk of hijacking and data theft? Simple. To draw attention and (finally) get the problem fixed.

"I’m not the first to give a Black Hat talk on DNS rebinding, and I won’t be last," he said. "Everyone has had ample time to fix this."

Comments

Sabiancym 07/21/2010 10:00 PM
-20+

Good, maybe it'll get fixed.

JonathanDeane 07/21/2010 10:06 PM
-20+

Awesome my old router is not vulnerable, best 5$ I ever spent... lol

jomofro39 07/21/2010 10:06 PM
-3+

Damn it.

otacon72 07/21/2010 10:07 PM
-6+

I just checked my router's password...lol Wasn't sure if I had changed it.

danimal_the_animal 07/21/2010 10:17 PM
-3+

m0n0wall

:)

IFLATLINEI 07/21/2010 10:20 PM
-3+

One word - SMOOTHWALL. Even before this it was not uncommon knowledge that consumer grade routers are a joke.

stingstang 07/21/2010 10:26 PM
-17+

Still need to 'trick' the user into visiting a website. Good luck with that one.
BUT I hear 92.7% of Americans get this optical illusion wrong! I gotta prove that I can get it right!

hellwig 07/21/2010 10:32 PM
-20+

Hmm... yeah, cause grandma and mom and dad and your aunt susan and brother-in-law phil all know what firmware is and what "update your firmware" means. Is this guy releasing the hack going to go into the millions of homes that currently use these routers and upgrade them? No? Even if Linksys and Netgear and everyone updates their products, the defective products will still exist in people's homes. Is this researcher going to refund everyone the money they spent on insecure routers so they can buy new routers? No?

Then I guess all this asshole has done is give script kiddies more tools to hack unsuspecting individuals. Way to go, like we need more dickheads in the world.

chickenhoagie 07/21/2010 10:33 PM
-2+

very smooth trick to gain quick access to someone's router..but anyone would be quite the fool to not use a good password for their router.

kittle 07/21/2010 10:36 PM
-3+

heh.. change the default router password is one of the first things I do.. and instruct my parents to do as well.

drutort 07/21/2010 10:45 PM
-2+

all they have to do really is have a feature (for new firmware/routers) that you can't have internet access until you changed the default password :P i don't know why they haven't done that, having default pass is stupid it's only there to do a hard reset (physically) oh well i guess lots of companies are going to get lots of complaints... suits them right... but feel sorry for all the ppl who don't have a clue what firmware means... or that they can even get into a router...

sentinelcomputers 07/21/2010 10:45 PM
-2+

I believe the intent here is to force the router manufacturers to address this problem in a meaningful fashion. He's really not giving something new to the hacker community. This is an old and well-known vulnerability.

The bottom line is that the destination site must be corrupted with the appropriate script. A site like Tom's isn't likely to do that; and sites that would (porn sites primarily), already use browser vulnerabilities to disseminate malware.

meat81 07/21/2010 10:49 PM
-5+

Still, why make this hacking tool available for the public? Why would any "researcher" put millions of users at risk of hijacking and data theft?

To sell the fix to millions and get rich..

sandmanwn 07/21/2010 10:50 PM
-2+

got a Honey Pot setup for people like this. I'll be watching you fail.

Antilycus 07/21/2010 10:50 PM
-1+

you'll never make a system 100% secure. it will N E V E R happen. Not even your high priced CISCO boxes, with the command scripts can make it 100%. Hell look at upnp, it's based off of a syntax/infrastructure that died in 2001 but it's still used today. GRE is the way in.

teknic111 07/21/2010 10:51 PM
-9+

@extremepcs...your wpa2 + radius + complex password will not protect you from this kind of attack!

Antilycus 07/21/2010 10:51 PM
-4+

also for a classic example on how this won't make a lick of difference look at how Symantec Antivirus is still one of the most purchased corporate solutions. Yet its success rate is worse than the Kansas City Royals!

nukemaster 07/21/2010 10:51 PM
-0+

Well, I am on the safe list. for now.....

intelliclint 07/21/2010 10:54 PM
-1+

Smoothwall is a good idea, I use Clear OS formerly known as Clark Connect. Both offer way more than any home router. I do have a home router but it is just an AP now because it is cheaper than an AP. I do like the Linux solution as I can have a proxy, antivirus, intrusion detection, PPTP or SSL VPN endpoint, web server, NAS, DLNA server, and even more rolled into one. Then VPN has been great for road warrior access to files and remote desktops that I would never trust a simple router or hosting site to perform.

A lot of people I know have these routers I recommend having one over directly hooking a PC to any broadband connection, even if you aren't sharing the connection. I will have to check my friends and family to make sure they have changed their passwords.

haze4peace 07/21/2010 10:57 PM
-0+

No one will ever figure out the password to my router. admin
come change my settings guys

dameon_bananaman 07/21/2010 10:57 PM
-2+

luckily i changed my password to Password2 so he will never be able to get in lol

buddhav1 07/21/2010 11:09 PM
-2+

have fun with my Pix box.

extremepcs 07/21/2010 11:12 PM
-0+

teknic111 :
@extremepcs...your wpa2 + radius + complex password will not protect you from this kind of attack!



How do you figure? I know it's not a wireless exploit - I have a complex password. Besides, I use Smoothwall anyway!

Anonymous 07/21/2010 11:13 PM
-1+

Lol, Sandmanwn has the answer. I Baffle'm with real looking BS. It's easy to mess up good data and copy it. And I also do all the right things too. It takes time to find the real diamonds in a pile of fakes, thus an easier target becomes more attractive. Or they make off quick with BS data! EX: Lilly Munster 1313 Mockingbird Lane...

Computerrock1 07/21/2010 11:14 PM
-3+

Hooray for my 6 year old router that will hold its ground!

wild9 07/21/2010 11:14 PM
--2+

Only Obama can save us..I'm sure it would be safe in his hands.

zachary k 07/21/2010 11:29 PM
-3+

if he wanted this to be more impressive, he will make a virus, that infects millions of routers, and FIXES security holes. would it be evil, or good?

