Jump to content



Photo

Hack Lets Intruders Sneak into Home Routers


  • Please log in to reply
17 replies to this topic

#1 Damien R.

Damien R.

    XXIX

  • 119,288 posts
  • Joined: 20-July 02
  • Location: England
  • OS: Windows 8.1 x64
  • Phone: Nokia Lumia

Posted 16 February 2007 - 18:19

If you haven't changed the default password on your home router, let this recent threat serve as a reminder.

Attackers could change the configuration of home routers using JavaScript code, security researchers at Indiana University and Symantec have discovered. The researchers first published their work in December, but Symantec publicized the findings on Thursday.

The researchers found that it is possible to change the DNS, or Domain Name System, settings of a router if the owner uses a connected PC to view a Web page with the JavaScript code. This DNS change lets the attacker divert all the Net traffic going through the router. For example, if the victim types in "www.mybank.com," the request could be sent to a similar-looking fake page created to steal sensitive data.

"I have been able to get this to work on Linksys, D-Link and Netgear routers," Symantec researcher Zulfikar Ramzan said. "You can create one Web site that is able to attack all routers. My feeling is that it is just a matter of time before phishers start using this."

After a router's DNS setting is changed, all computers connected to the device will use the DNS server set up by the attacker to find their way on the Internet. DNS functions like the phonebook of the Internet, mapping text-based addresses such as www.news.com to actual numeric Internet Protocol addresses of a Web site.

The attack works on any type of home router, but only if the default router password hasn't been changed, Ramzan said. The malicious JavaScript code embedded on the attacker's Web page logs into the router using the default credentials--often as simple as "admin" and "password"--and changes the settings.

"One of the issues is that the set-up steps in the router don't prompt you to change the password," Ramzan said. As a result, many people never properly configure their networking gear, he said.

In crafting their proof-of-concept attack code, Ramzan and researchers at Indiana University built upon earlier research that showed how JavaScript could be used for malicious purposes. Jeremiah Grossman, chief technology officer at WhiteHat Security, demonstrated how JavaScript let outside attackers target internal corporate networks.

Grossman is impressed by the Symantec and Indiana University work. "This is very dangerous stuff and could be highly effective if used in the wild," he said.

Router makers already know of the problems with default passwords as well as other security concerns, they said. Linksys, for example, recommends that customers change the default password during the installation procedure, said Karen Sohl, a representative for the company, a division of Cisco Systems. "We are aware of this," she said.

On its Web site, Linksys warns users that miscreants are taking advantage of the default passwords. "Hackers know these defaults and will try them to access your wireless device and change your network settings. To thwart any unauthorized changes, customize the device's password so it will be hard to guess," the company states.

Still, although Linksys' software recommends the password change, consumers can either plug in their router without running the installation disk or bypass the change screen, keeping the defaults. The company offers detailed information on how to change the router password on its Web site. Netgear and D-Link also recommend password changes.


Posted Image SOURCE


#2 h3xis

h3xis

    Neowinian Senior

  • 2,960 posts
  • Joined: 18-July 04

Posted 16 February 2007 - 18:23

People have known this for years and it's just now making headway. Go figure. I've been beta testing dd-wrt v24 firmware for the La Fonera router for a while now and everytime I receive one to test I have to use a form to inject a script action into the router to get it to enable ssh so that I can have full access to it, since this is disabled by the manufacturer.

#3 .Kompressor

.Kompressor

    Monkey Business

  • 4,629 posts
  • Joined: 19-September 02
  • Location: The Laboratory
  • OS: OSX, Win, Ubuntu, WinServer, ESXi...
  • Phone: iPhone 5

Posted 16 February 2007 - 22:51

here's an example video of what one can do. WiFi Hustle Scam.


http://www.techeblog...-scam#more-7617

#4 Berserk87

Berserk87

    Neowinian Senior

  • 10,196 posts
  • Joined: 14-June 05
  • Location: BC, Canada

Posted 17 February 2007 - 06:17

ummmmm........

*changes router pass :unsure:

#5 simsie

simsie

    Neowinian

  • 1,483 posts
  • Joined: 12-February 06
  • Location: Bedfordshire UK

Posted 18 February 2007 - 23:35

here's an example video of what one can do. WiFi Hustle Scam.
http://www.techeblog...-scam#more-7617


Thats very very worrying, it seems really simple.

#6 strekship

strekship

    Neowinian Senior

  • 4,538 posts
  • Joined: 23-May 04
  • Location: California

Posted 19 February 2007 - 00:17

Leaving the default password on these kinds of things is the same as leaving your car unlocked. Anyone can go look up what some common default passwords are.

#7 morebaker

morebaker

    Neowinian

  • 1,020 posts
  • Joined: 12-August 04
  • Location: west coast
  • Phone: nexus 5

Posted 19 February 2007 - 00:44

Is that not the first thing you do
Change the encryption to WPA2 and set the password too your own.
Leaving anything at default is bad.

#8 Tantawi

Tantawi

    Neowinian Senior

  • 4,855 posts
  • Joined: 02-March 04
  • Location: Switzerland
  • OS: Windows 8.1 64-bit
  • Phone: Sony Xperia Z

Posted 19 February 2007 - 01:52

I enjoy getting into routers with default passwords :D, and the beautiful thing is that most routers will show the model name in the login prompt, put that in Google and you get the default password :D I don't make any change though :)

Another good tip is to change the web interface of your router to any other port, if it supports that feature, to anything instead of the default 80 or 8080.

#9 +mrbester

mrbester

    Be seeing you...

  • 2,041 posts
  • Joined: 10-April 02
  • Location: Brighton, Land of the South Saxons, Albion

Posted 19 February 2007 - 12:27

Is that not the first thing you do
Change the encryption to WPA2 and set the password too your own.
Leaving anything at default is bad.

No, the first thing you do is turn off the WLAN as you should be connecting using the supplied cable. Then you change the password and reenable WLAN (with elevated security) if needed.

#10 +warwagon

warwagon

    Only you can prevent forest fires.

  • 25,890 posts
  • Joined: 30-November 01
  • Location: Iowa

Posted 19 February 2007 - 20:59

No, the first thing you do is turn off the WLAN as you should be connecting using the supplied cable. Then you change the password and reenable WLAN (with elevated security) if needed.


first thing you do is disable wan and just connect via eithernet

#11 1WayJonny

1WayJonny

    General, I salute you!

  • 1,591 posts
  • Joined: 05-May 05
  • Location: Dirty Jerzey

Posted 19 February 2007 - 22:37

why would you have not changed your default user password

everyone is "admin"

#12 +warwagon

warwagon

    Only you can prevent forest fires.

  • 25,890 posts
  • Joined: 30-November 01
  • Location: Iowa

Posted 21 February 2007 - 20:23

why would you have not changed your default user password

everyone is "admin"


now I can see why you would want to change the password, but some people might think just disable wireless or have wireless but disable being able to remote access the router over the wifi then they would think the admin password would just be used to access the router internally. Obviously this hack says otherwise. Or wait, what if you have remote access disabled, then it would be safe from this problem wouldn't it?

#13 Rytis

Rytis

    Neowinian

  • 170 posts
  • Joined: 20-March 04
  • Location: Kaunas, Lithuania

Posted 21 February 2007 - 20:32

I was once sitting with my laptop nearby out city council. I tried to find a hotspot to use the net, and well, there was only one, at was named "saviv" (which is short for "city council" in Lithuanian. It of course was unsecured, so I was able to get in right away. I didn't do any damage except that I changed the default password :)

#14 funkymunky

funkymunky

    Neowinian Senior

  • 2,699 posts
  • Joined: 24-January 06
  • Location: PimpLand

Posted 21 February 2007 - 20:42

Wow

That video was coool what a simple but effective way.

#15 thugilex

thugilex

    Neowinian Senior

  • 3,152 posts
  • Joined: 17-September 04
  • Location: Lebanon - Beirut

Posted 22 February 2007 - 10:43

video makes it look so easyyyy :)



Click here to login or here to register to remove this ad, it's free!