Black Hat presentation will demonstrate hacks that could work on many existing routers

Dark Reading Staff, Dark Reading

July 16, 2010

2 Min Read

A security researcher later this month will demonstrate an exploit that could work on as many as half of the home routers currently in use.

According to a Forbes report, Craig Heffner, a researcher with Maryland-based security consultancy Seismic, plans to release a software tool at the Black Hat conference later this month that he says could be used on most Linksys, Dell, and Verizon Fios or DSL router versions.

Users who connect to the Internet through those devices are tricked into visiting a malicious page containing Heffner's exploit, allowing attackers to hijack their routers, steal information, or redirect the user's browsing, according to the report.

Heffner's attack is a variation of a technique known as "DNS rebinding," a trick that has been discussed for close to 15 years, the report says. His trick is to create a site that lists a visitor's own IP address as one of the DNS rebinding options.

When a visitor comes to his booby-trapped site, a script runs that switch to its alternate IP address -- in reality, the user's own IP address -- and accesses the visitor's home network, potentially hijacking his browser and gaining access to his router settings, according to the report.

That DNS trick isn't new, and browsers have installed patches for earlier versions of the exploit. But, according to the report, Heffner says he has tweaked it to bypass those safeguards; he won't say exactly how until his Black Hat talk.

Heffner tested his attack against 30 router models and found that about half were vulnerable, according to the report.

Heffner's method still requires the attacker to compromise the victim's router after gaining access to his or her network. But that can be accomplished by using a vulnerability in the device's software or by simply trying the default login password, according to the report. Only a tiny fraction of users actually change their router's login settings, Heffner says.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights