Skip to main content

Why You Need to Change Your Broadband Router Password

In this article, Sid Stamm, Zulfikar Ramzan, and Markus Jakobsson have developed a clever, and potentially devastating, attack against home routers. If you are using these mentioned routers in your office, it's time to change that default password.

So how does it work? First, the attacker creates a web page containing a simple piece of malicious JavaScript code. When the page is viewed, the code makes a login attempt into the user's home broadband router, and then attempts to change its DNS server settings to point to an attacker-controlled DNS server. Once the user's machine receives the updated DNS settings from the router (after the machine is rebooted) future DNS requests are made to and resolved by the attacker's DNS server.

And then the attacker basically owns the victim's web connection.

The main condition for the attack to be successful is that the attacker can guess the router password. This is surprisingly easy, since home routers come with a default password that is uniform and often never changed.

They've written proof of concept code that can successfully carry out the steps of the attack on Linksys, D-Link, and NETGEAR home routers. If users change their home broadband router passwords to something difficult to guess, they are safe from this attack.

Additional details (as well as a nifty flash animation illustrating it) can be found here. There's also a paper on the attack. And there's a Slashdot thread.

Cisco says that 77 of its routers are vulnerable.

Note that the attack does not require the user to download any malicious software; simply viewing a web page with the malicious JavaScript code is enough.

Labels:

Comments

Post a Comment

Popular posts from this blog

OpenProj - FREE alternative to Microsoft Project I wanted to share with all of you about Projity's important announcement last week at LinuxWorld. Projity announced the release of OpenProj, a FREE (yeah, another FREE software) and open source replacement of Microsoft Project. OpenProj is available on Windows, Linux, Unix or Mac and is interoperable with Microsoft Project. The best thing is, it even opens existing MS Project files! How cool is that? I read on OpenProj website that OpenProj has been downloaded on an average every 35 seconds around the clock at http://www.projity.com since they launched and made the software available last week. OpenProj is now in the 99.99th percentile for activity on Sourceforge.net and is quickly becoming one of the most used open source solutions worldwide. The OpenProj folks are expecting about 11 million worldwide users and in my opinion, this has been an excellent start for them. MS Project has been a key strategic solution for Micro...
1 comment
Read more
In early April 2006, I sign-up for the Excellerated Business School for Entrepreneurs (BSE) after a preview session held in Singapore by Executive-Directions. The seminar was held from 15 April to 23 April 2006 in Subang Jaya Hotel in Kuala Lumpur, Malaysia. The BSE in KL was organized by GlobeSL Sdn Bhd. I left Singapore on 14 April via Transtar , the only 1st class coach service which has 16 seats to create a lot of room for your leg. They also provide hot meal during the journey with hot drinks on demand. The seats are equipped with a massage chair, a personal in-flight entertainment system on LCD screen, PC Games and the F&B Attendant will provide anything that you ask for. From newspaper, magazines, blanket, hot/cold drinks, a new set of earphones for the entertainment system... they have it all. They are most courteous and polite at all times. I truly enjoy the Transtar service. For SG$50 from Singapore to KL, it's worth it. I arrived in Subang Jaya Hotel at about 10p...
Post a Comment
Read more

What Makes a Champion?

By NG Chang Siang, Education Success Coach MindChamps Holdings Ltd ‘’ What makes a champion is a champion mindset. The champion mindset is the transferable commodity, not the skill itself. If you have done something great in one field, you are far more likely to do it in another ‘’ --Professor Allan Snyder FRS I have a good friend who is a primary school teacher. He also takes on as a role of a coach in flaw ball for the students in his school. Guess what? He never play flaw ball before. Not even that, after he coached his students, they won a school team which was coached by a national flawball player. That day I met him in our soccer game as we play soccer together every Monday. He played soccer very well and represented his schools when he was very young. I ask him : “ How did you do it…?” “ How can someone with no flaw-ball playing experience train and beat another team whom has an experience coach?” He replied: “ Oh, I just use the strategy I know in playing soccer and apply...
Post a Comment
Read more