LinuxQuestions.org


win32sux 07-20-2010 08:38 PM

"Millions" Of Home Routers Vulnerable To Web Hack
 
Quote:

The upcoming Black Hat security conference in Las Vegas offers an annual parade of security researchers revealing new ways to break various elements of the Internet. But few of the talks have titles quite as alarming as one on this year's schedule: "How to Hack Millions of Routers."

Craig Heffner, a researcher with Maryland-based security consultancy Seismic, plans to release a software tool at the conference later this month that he says could be used on about half the existing models of home routers, including most Linksys, Dell, and Verizon Fios or DSL versions. Users who connect to the Internet through those devices and are tricked into visiting a page that an attacker has set up with Heffner's exploit could have their router hijacked and used to steal information or redirect the user's browsing.

Thanks to Threatpost for covering this.

mostlyharmless 07-21-2010 12:12 AM

Looks like all you need to do is change the default password on the router to stop this from working, assuming you have a vulnerable router.

orgcandman 07-21-2010 08:17 AM

Quote:

Originally Posted by mostlyharmless (Post 4040261)
Looks like all you need to do is change the default password on the router to stop this from working, assuming you have a vulnerable router.

That's not entirely correct. At the end of the day, the issue is that the exploit gives access to the router from the browser. Reflecting a vulnerability to that router becomes slightly less trivial, but many routers still have many software flaws.

Keeping your router's firmware up to date would also be recommended. Additionally, there may be other preventative methods revealed in the BH talk.

mostlyharmless 07-21-2010 03:34 PM

True enough, and I certainly think it's a good warning nonetheless, but the message about changing the password at least makes routine automated break-in of your network considerably more difficult. Most security, computer or otherwise, is relative.

GazL 07-21-2010 04:12 PM

My Linksys WRT allows the http/s admin interface to be disabled on both wifi and wan side interfaces. If you do that and use wifi, the only vector left that I can think of would be the dhcp server, and disabling that and using static addresses would sort that out.

Apart from that, how about adding an iptables block rule on the system you're using to browse from to stop it establishing a connection with ports on your router?
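The host-side iptables block suggested in the post above, sketched as an added example that is not part of the original thread. The router address and the admin port list are constructed sample values; the script only prints the rules, so they can be reviewed before being applied as root.

```shell
#!/bin/sh
# Added example: build iptables rules that stop this host from opening TCP
# connections to the router's own admin ports. Traffic routed *through* the
# router is unaffected, because it is addressed to remote hosts.
ROUTER_ADDRS="192.168.1.1"   # constructed sample; list every address the router answers on
ADMIN_PORTS="80 443 8080"    # constructed sample; match your router's admin UI ports

is_ipv4() {
    # Dotted quad only, each octet 0-255.
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

is_port() {
    # Digits only, 1-65535.
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

router_block_rules() {
    # $1: space-separated router addresses, $2: space-separated TCP ports.
    # Validates everything first, then prints one rule per address.
    for addr in $1; do
        is_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    done
    for port in $2; do
        is_port "$port" || { echo "bad port: $port" >&2; return 1; }
    done
    ports=$(echo $2 | tr ' ' ',')
    for addr in $1; do
        # -I puts the rule ahead of any existing ACCEPT in OUTPUT;
        # tcp-reset makes the browser fail fast instead of hanging.
        echo "iptables -I OUTPUT -d $addr -p tcp -m multiport --dports $ports -j REJECT --reject-with tcp-reset"
    done
}

# Dry run: print the rules for the sample values above.
router_block_rules "$ROUTER_ADDRS" "$ADMIN_PORTS"
```

Because only TCP to the listed ports is rejected, DNS and DHCP served by the router keep working; the rule has to be removed temporarily when the router does need to be administered from this host.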


All times are GMT -5.