Friday, February 16, 2007

Tell me something I didn't already know.

C|Net today reports that Symantec has just published some research performed by scientists at the University of Indiana that exposes a possible vulnerability of consumer routers. As King Solomon wrote in Ecclesiastes, there is nothing new under the sun. Since they came onto the market, home routers have had many a security hole, something that many people (myself included) have been warning about for years. However, this research shows a practical attack that is very simple to pull off.


In a nutshell, they put together some simple JavaScript/Java code that logs on to your router and changes your DNS settings. In doing so, attackers could re-route your requests to, say, your bank's website, so that when you type in https://www.mybank.com you are really logging in to their phishing site. You wouldn't know the difference, as even most existing phishing filters would be fooled. (You can get the full PDF here: http://www.cs.indiana.edu/cgi-bin/techreports/TRNNN.cgi?trnum=TR641 ).
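One way to notice the DNS change described above from a PC behind the router, as an added example that is not from the research paper or this post: compare the resolvers the machine was handed against the ones you expect. The `EXPECTED` list, the function names and the sample file contents are assumptions made for the illustration.

```python
import ipaddress

# Assumption: the resolvers you expect DHCP to hand out (the router itself,
# plus a documentation-range stand-in for your ISP's resolvers).
EXPECTED = ["192.168.1.1/32", "198.51.100.0/24"]

# Constructed sample of a resolv.conf after the router's DNS setting changed.
SAMPLE = """\
# generated by dhcp client (constructed example)
search home.lan
nameserver 192.168.1.1
nameserver 203.0.113.53   ; not one of ours
"""

def parse_nameservers(text):
    """Return the addresses on 'nameserver' lines of resolv.conf-style text."""
    servers = []
    for raw in text.splitlines():
        # Drop comments introduced by '#' or ';'.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            addr = parts[1].split("%", 1)[0]  # strip an IPv6 zone id
            try:
                servers.append(ipaddress.ip_address(addr))
            except ValueError:
                continue  # malformed entry: the system resolver ignores it too
    return servers

def unexpected_resolvers(text, expected=EXPECTED):
    """Return resolvers in the text that fall outside every expected network."""
    nets = [ipaddress.ip_network(n) for n in expected]
    return [str(ip) for ip in parse_nameservers(text)
            if not any(ip in net for net in nets)]

if __name__ == "__main__":
    with open("/etc/resolv.conf") as fh:
        for ip in unexpected_resolvers(fh.read()):
            print("unexpected DNS server:", ip)
```

This only catches the case where the router passes its configured DNS servers on to clients; a router that answers DNS itself and forwards upstream has to be checked on its own admin page.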


Of course, this is just scratching the surface. For example, there are certain brands of routers that use GPL'd code, and make the source code available on their websites. A truly enterprising hacker could download this code and use a similar method to upload it to replace your router's firmware. The changes could be almost invisible to the end-user, but far more malicious. Why? Think about what those attackers could do.

They could easily modify the router's code to capture and/or intercept all web traffic coming through the router. On the benign side they could, say, re-write Google's ads with their own. On the more malicious side, they could easily capture passwords, credit card numbers and more, or find other ways of using your web viewing habits against you. They could also forgo the use of computers as 'Zombies' for DDoS attacks, and put them straight on the router. Even worse, they can make the traffic appear as if it's coming from any of the PCs on your network.

What's even worse - they don't need to exploit the default password or an unprotected wi-fi network. They can simply publish their code on their website and tout that they have a 'high-performance' version of the firmware.


Granted, wi-fi routers are great and provide tremendous benefit for their owners. I hope that this research will enable manufacturers to take more steps towards securing them.
