The Black Hat Security conference is going on now in Vegas. Scanning through the list of presentations, this one really stood out, “How to Hack Millions of Routers" by Craig Heffner.
According to the description, “This talk will demonstrate how many consumer routers can be exploited via DNS rebinding to gain interactive access to the router’s internal-facing administrative interface.”
The DNS binding attack has been known for a while, but it looks like Craig has found a new spin on the attack. According to a Forbes article, an attacker places a malicious script on a web page.
When the page is visited, it switches the webpage IP address visited with the IP address of your firewall/ router. It then gives the script access to view the router contents, and interact with it.
Which routers are susceptible to this attack? Oh, a few, and you probably recognize their names, “Confirmed affected routers include models manufactured by Linksys, Belkin, ActionTec, Thompson, Asus and Dell, as well as those running third-party firmware such as OpenWRT, DD-WRT and PFSense.”
Also at the conference, Craig is going to release the tool that automates the attack, “A tool release will accompany the presentation that completely automates the described attack and allows an external attacker to browse the Web-based interface of a victim’s router in real-time, just as if the attacker were sitting on the victim’s LAN.”
That’s awful nice of him isn’t it?
All right, so what do we do? An article on Notebook.com recommends changing your router password to a very complex password, upgrade your routers firmware to the latest version, and to avoid questionable sites.
I would also add that you should check for firmware updates frequently. As router companies scramble to patch this, yours may not be updated against the threat yet.
See your user manual or check your manufacterer's website for specific directions on updating your router. Also, always double check your router security settings after updating.
Cross posted from Cyber Arms.