Users who connect to the Internet through those devices are tricked into visiting a malicious page containing Heffner's exploit, allowing attackers to hijack their routers, steal information, or redirect the user's browsing, according to the report.
Heffner's attack is a variation of a technique known as "DNS rebinding," a trick that has been discussed for close to 15 years, the report says. His trick is to create a site that lists a visitor's own IP address as one of the DNS rebinding options.
When a visitor comes to his booby-trapped site, a script runs that switches to its alternate IP address -- in reality, the user's own IP address -- and accesses the visitor's home network, potentially hijacking his browser and gaining access to his router settings, according to the report.
That DNS trick isn't new, and browsers have installed patches for earlier versions of the exploit. But, according to the report, Heffner says he has tweaked it to bypass those safeguards; he won't say exactly how until his Black Hat talk.
Heffner tested his attack against 30 router models and found that about half were vulnerable, according to the report.
Heffner's method still requires the attacker to compromise the victim's router after gaining access to his or her network. But that can be accomplished by using a vulnerability in the device's software or by simply trying the default login password, according to the report. Only a tiny fraction of users actually change their router's login settings, Heffner says.
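On the defensive side, the pattern described above (a public hostname whose DNS answers include the visitor's own address) is something a home router's DNS forwarder or a filtering resolver can check for. The sketch below is an added example, not code from the report or from Heffner's talk; the function names, the hostname and the sample addresses are constructed, and it assumes the resolver knows the client's WAN address.

```python
import ipaddress

# Ranges a public hostname should never resolve to from the outside.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private space
    "127.0.0.0/8", "169.254.0.0/16",                  # loopback, link-local
)]


def classify_answer(addr, client_wan_ip):
    """Return a reason string if this answer looks like rebinding, else None."""
    ip = ipaddress.ip_address(addr)
    if ip == ipaddress.ip_address(client_wan_ip):
        # The case the article describes: the site lists the visitor's
        # own IP address as one of its records.
        return "own-wan-address"
    if any(ip in net for net in INTERNAL_NETS):
        return "internal-range"
    return None


def filter_response(answers, client_wan_ip):
    """Split a DNS answer set into (kept, dropped) lists.

    dropped holds (address, reason) pairs so the event can be logged.
    """
    kept, dropped = [], []
    for addr in answers:
        reason = classify_answer(addr, client_wan_ip)
        if reason:
            dropped.append((addr, reason))
        else:
            kept.append(addr)
    return kept, dropped


if __name__ == "__main__":
    # Constructed sample: client WAN address and answers for "rebind.example".
    wan = "203.0.113.45"
    kept, dropped = filter_response(["198.51.100.7", "203.0.113.45"], wan)
    print("kept:", kept)
    print("dropped:", dropped)
```

A filter like this covers only the DNS side; the router's administrative interface still needs a non-default password, as the report notes.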