Researchers at the University of Indiana and Symantec are warning that about half of internet users with a home router are vulnerable to having the hardware hijacked. The researchers found that home router users are susceptible to attackers who could change settings on the devices and begin phishing attacks. The attack appears to work on all major consumer versions of routers (including Linksys, Belkin, Netgear and D-Link) but can only be successful if the user visits a specially crafted web page. "A malicious web page has the disastrous ability to manipulate its visitors' home routers, changing its settings to enable spread of malware, target phishing attacks, or starve the visitor from critical security updates," the researchers wrote in their paper, Drive-By Pharming.
The attack is unique as it does not rely on vulnerabilities in a web browser or other software, but instead allows malicious attacks at the network level. The researchers cited surveys that showed half of home router users use the default password or no password on the device, and 95% allow their web browsers to use JavaScript code. "This means 47.5 per cent of all home users ... are effectively leaving themselves open to another attack — allowing attackers to circumvent all known anti-phishing countermeasures," the researchers wrote. They recommend that people change their passwords on their routers and be selective about which Java applets, or programs, they allow to run on their computers. The study, authored by Sid Stamm and Markus Jakobsson of Indiana University and Zulfikar Ramzan of Symantec, was published in December 2006 and is now being publicized by Symantec.
Link: Forum Discussion (Thanks Rappy)
News source: CBC News
26 Comments - Add comment