Millions of Routers are Vulnerable to a New Hack

Millions of routers like the one pictured here have a vulnerability that allows hackers to intercept and redirect traffic as well as access computers on a local network.

The list of vulnerable routers tested so far can be found in a Google spreadsheet where the last column indicates whether the specific router listed is prone to this sort of attack.

The research has been performed by Seismic who are a security consultancy based in Maryland.

Craig Heffner, a researcher with the company, will both present the research at Black Hat and release a proof-of-concept tool to demonstrate the problem in practice. Heffner believes this is the best way to get router manufacturers to release firmware updates to fix the issue.

The new attack is based around an old problem where a technique called DNS rebinding is used. The hacker is able to add a DNS entry on the router that points to a malicious site. When a user browses to a particular website, the DNS responds with the wrong IP address and sends the user to somewhere else.

Potentially, the hacker could also redirect all requests to a malicious server where traffic can be monitored and intercepted which leads to a number of security issues with your data.

The first step to prevent it is to change the default password on your routers web browsing software. A number of routers have a web based interface which is vulnerable. However, most of the emphasis appears to be geared towards router manufactures such as Cisco and D-Link (to name a couple) to create updated firmware with the security hole secured.

More details can be found at Arstechnica who have a few details on the presentation.

Speak Your Mind