Computer routers face hijack risk: study

[Chris]

Researchers at the University of Indiana and Symantec Corp. are warning that about half of internet users with a home router are vulnerable to having the hardware hijacked.

The researchers found that home router users are susceptible to attackers who could change settings on the devices to divert traffic without the owner's knowledge. For example, a person could enter the correct address of their bank's website into their web browser but they would be taken to a fake site designed to steal their banking information.

The attack appears to work on all major consumer versions of routers, such as those made by Linksys, Belkin, Netgear and D-Link, but a person would have to visit a specially crafted web page for it to work.

"A malicious web page has the disastrous ability to manipulate its visitors' home routers, changing its settings to enable spread of malware, target phishing attacks, or starve the visitor from critical security updates," the researchers wrote in their paper, Drive-By Pharming.

More | Here

[Irene]

The researchers found that home router users are susceptible to attackers who could change settings on the devices to divert traffic without the owner's knowledge. For example, a person could enter the correct address of their bank's website into their web browser but they would be taken to a fake site designed to steal their banking information.

Very alarming, Chris.

I understood that my router 'blocked' potential baddies. Later today, I'll find the thread in which it was discussed. Perhaps things have changed since that duscussion took place.

P.S. This is the thread...

http://forums.windowsforum.org/index.php?s...1&hl=router

[-pops-]

The attack appears to work on all major consumer versions of routers, such as those made by Linksys, Belkin, Netgear and D-Link, but a person would have to visit a specially crafted web page for it to work.

Note this vital proviso.

[Thos]

This is worrying. It is all too easy to visit a web page unknowingly. And a "specially crafted" one would not have it's purpose blazoned across the top. I just hope good old Site Advisor would pick it up.

Thos.

[Irene]

The attack appears to work on all major consumer versions of routers, such as those made by Linksys, Belkin, Netgear and D-Link, but a person would have to visit a specially crafted web page for it to work.

Note this vital proviso.

I see, but would there be any way of knowing that you were on a web page of that nature?

After a recommendation from Thos., I installed Site Advisor. Would that indicate anything?

Sorry to be such a mitherer, but it is an important issue. :)

[andsome]

Site Advisor will only tell you about sites that it has looked into. Some sites are green and some are red. The grey ones have no report available.

Here

[Chris]

Cisco Warns That 77 Routers Are Vulnerable To New Drive-By Pharming Attack

Cisco Systems Inc. has advised its customers that 77 of its routers are vulnerable to a new form of attack called drive-by pharming.

Researchers at security company Symantec first warned users about the new type of attack last week, calling for all users -- both home and commercial -- to change the default user name and password on their routers if they hadn't already done so. Running the routers with the out-of-the-box password leaves users open to attack.

Symantec's Zulfikar Ramzan posted an online warning that hackers are lacing phony Web sites with malicious code that actually will log into and mess with broadband routers. He's coined a term for it: Drive-By Pharming.

"I believe this attack has serious widespread implications and affects many millions of users worldwide," wrote Ramzan, senior principal researcher in the Advanced Threat Research Group at Symantec, on the company's Security Response Weblog. "Fortunately, this attack is easy to defend against, as well."

The defense simply is to change the default password.

More | Here