Great."Millions" Of Home Routers Vulnerable To Web Hack
July 13, 2010 - 1:37 pmShare409
Andy GreenbergBio | Email
Andy Greenberg is a technology writer for Forbes.
The upcoming Black Hat security conference in Las Vegas offers an annual parade of security researchers revealing new ways to break various elements of the Internet. But few of the talks have titles quite as alarming as one on this year's schedule: "How to Hack Millions of Routers."
Craig Heffner, a researcher with Maryland-based security consultancy Seismic, plans to release a software tool at the conference later this month that he says could be used on about half the existing models of home routers, including most Linksys, Dell, and Verizon Fios or DSL versions. Users who connect to the Internet through those devices and are tricked into visiting a page that an attacker has set up with Heffner's exploit could have their router hijacked and used to steal information or redirect the user's browsing.
Heffner's attack is a variation on a technique known as "DNS rebinding," a trick that's been discussed for close to 15 years. "There have been plenty of patches over the years, but this still hasn't really been fixed," he says.