Half of Home Routers Vulnerable to DNS Exploit

Friday, July 30, 2010

Dan Dieterle

The Black Hat Security conference is going on now in Vegas. Scanning through the list of presentations, one really stood out: “How to Hack Millions of Routers” by Craig Heffner.

According to the description, “This talk will demonstrate how many consumer routers can be exploited via DNS rebinding to gain interactive access to the router’s internal-facing administrative interface.”

The DNS rebinding attack has been known for a while, but it looks like Craig has found a new spin on it. According to a Forbes article, an attacker places a malicious script on a web page.

When the page is visited, the script swaps the IP address of the web page you visited with the IP address of your firewall/router. This gives the script access to view the router's contents and interact with it.
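From the defender's side, the address swap described above shows up in resolver logs as a hostname whose answer flips from an outside address to a LAN address. The following is an added example, not code from the talk or from this post; the log record format, the five-minute window and the sample entries are assumptions constructed for illustration.

```python
import ipaddress

# Address ranges treated as "inside" the LAN (RFC 1918, loopback, link-local).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

WINDOW_SECONDS = 300  # assumed threshold: the flip must occur within 5 minutes


def is_internal(ip):
    """True if the address falls in one of the LAN-side ranges above."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_rebinds(records, window=WINDOW_SECONDS):
    """Return (client, name, external_ip, internal_ip) for each name whose
    answer flipped from an external to an internal address within `window`."""
    last_external = {}  # (client, name) -> (timestamp, external_ip)
    alerts = []
    for ts, client, name, answer in sorted(records):
        key = (client, name.lower().rstrip("."))
        if is_internal(answer):
            seen = last_external.get(key)
            if seen and ts - seen[0] <= window:
                alerts.append((client, key[1], seen[1], answer))
                del last_external[key]
        else:
            last_external[key] = (ts, answer)
    return alerts


# Constructed sample resolver log: (unix_time, client_ip, queried_name, answer_ip)
SAMPLE_LOG = [
    (1000, "192.168.1.50", "news.example.", "198.51.100.7"),
    (1002, "192.168.1.50", "rebind.example.", "203.0.113.10"),
    (1004, "192.168.1.50", "nas.home.example.", "192.168.1.20"),   # always internal
    (1030, "192.168.1.50", "rebind.example.", "192.168.1.1"),      # flip to router
    (9000, "192.168.1.50", "news.example.", "10.0.0.5"),           # outside window
]

if __name__ == "__main__":
    for alert in find_rebinds(SAMPLE_LOG):
        print("possible DNS rebinding: client=%s name=%s %s -> %s" % alert)
```

Names that only ever resolve to LAN addresses are not flagged, so ordinary internal hostnames do not raise alerts.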

Which routers are susceptible to this attack? Oh, a few, and you probably recognize their names: “Confirmed affected routers include models manufactured by Linksys, Belkin, ActionTec, Thompson, Asus and Dell, as well as those running third-party firmware such as OpenWRT, DD-WRT and PFSense.”

Also at the conference, Craig is going to release the tool that automates the attack: “A tool release will accompany the presentation that completely automates the described attack and allows an external attacker to browse the Web-based interface of a victim’s router in real-time, just as if the attacker were sitting on the victim’s LAN.”

That’s awful nice of him, isn’t it?

All right, so what do we do? An article on Notebook.com recommends changing your router password to a very complex password, upgrading your router's firmware to the latest version, and avoiding questionable sites.

I would also add that you should check for firmware updates frequently. As router companies scramble to patch this, yours may not be updated against the threat yet.

See your user manual or check your manufacturer's website for specific directions on updating your router. Also, always double-check your router security settings after updating.

Cross posted from Cyber Arms.
