Critical security flaw discovered in millions of home routers
July 20, 2010
A critical security flaw has been discovered in millions of home routers that creates an easy path for potential hackers to hijack Internet Explorer and Firefox browser sessions or hack directly into household networks and steal passwords and other private information.
Craig Heffner, a researcher and consultant at security firm Seismic, will soon detail the flaw and release a proof-of-concept tool at the Black Hat conference in Las Vegas, Nevada at the end of July.
The DNS rebinding-related security flaw affects routers from Linksys, Belkin, HP and Dell, among others.
But DNS rebinding isn't new and has been around for many years now. Heffner says he has discovered a new variant on the theme, which begins by luring an Internet user into visiting a Web site containing malicious code.
The complex attack approach uncovered by Heffner involves either exploiting vulnerable hardware or taking advantage of weak hardware passwords.
A description of Heffner's talk, entitled "How to Hack Millions of Routers" on the Black Hat conference website, carefully explains and details how to recreate such an attack.
Heffner says it involves setting up an attack site that runs a malicious script: the visitor's own IP address is presented as one of the site's alternative IP addresses, so the browser extends trusted status to the malicious site.
Most modern browsers are designed to block earlier forms of this attack, but not this particular scenario, for reasons Heffner is due to explain at the Black Hat conference.
Notebooks.com lists some sensible workarounds, such as downloading the latest firmware from router manufacturers and using strong and more secure passwords.
Many consumer routers can be exploited via DNS rebinding to gain interactive access to the router's internal-facing administrative interface.
Unlike other DNS rebinding techniques, this attack requires no prior knowledge of the target router or its configuration (make, model, internal IP address, host name and so on) and does not rely on any anti-DNS-pinning techniques, so it circumvents existing DNS rebinding protections.
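The two checks below illustrate, from the router's side, why the attack described above works and how it is stopped. This is an added example, not code from the article, from Heffner's talk or from any router vendor. A rebound browser request arrives at the router's own address but still carries the attacker's domain in the HTTP Host header, so an admin interface that only accepts its own addresses and names in that header rejects it whichever IP the browser connected to. A router that proxies DNS for the LAN can additionally refuse upstream answers that map a public name to the router's own WAN or LAN address or to an internal range. All addresses and names are constructed sample values (documentation ranges and a hypothetical `router.lan` name); a real device would take them from its interface configuration.

```python
import ipaddress
from typing import Iterable

# Constructed sample configuration for illustration only.
ROUTER_LAN_IP = "192.168.1.1"
ROUTER_WAN_IP = "203.0.113.7"        # the "visitor's own IP" as seen by an attack site
ROUTER_OWN_ADDRESSES = {ROUTER_LAN_IP, ROUTER_WAN_IP}
ROUTER_ADMIN_NAMES = {"router.lan"}  # hypothetical local name for the admin page
LOCAL_SUFFIXES = (".lan", ".local", ".home")

# Internal ranges that no public name should legitimately resolve to
# (RFC 1918, loopback, link-local, IPv6 ULA). Listed explicitly rather than
# via ipaddress.is_private so the documentation ranges used above stay "public".
INTERNAL_RANGES = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
              "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")
]


def _parse_host_header(host_header: str) -> str:
    """Return the host part of an HTTP Host header without any port.
    Handles 'example:8080' and bracketed IPv6 literals such as '[fe80::1]:8080'."""
    value = host_header.strip().lower()
    if value.startswith("["):
        end = value.find("]")
        return value[1:end] if end > 0 else ""
    return value.split(":", 1)[0]


def host_header_allowed(host_header: str,
                        own_addresses: Iterable[str] = ROUTER_OWN_ADDRESSES,
                        own_names: Iterable[str] = ROUTER_ADMIN_NAMES) -> bool:
    """Admin-interface check: serve the page only when the browser believes it is
    talking to the router itself. After a DNS rebind the browser still sends the
    attacker's domain as the Host header, so the request is refused even though
    it reached the router's own IP address."""
    host = _parse_host_header(host_header)
    if not host:
        return False
    try:
        requested = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: accept only the router's configured names.
        return host in {n.lower() for n in own_names}
    return requested in {ipaddress.ip_address(a) for a in own_addresses}


def scrub_dns_answers(qname: str, answers: Iterable[str],
                      own_addresses: Iterable[str] = ROUTER_OWN_ADDRESSES) -> list:
    """DNS-proxy check: drop A/AAAA records for a public name that point at the
    router's own addresses or at internal ranges. Names under a local suffix are
    passed through unchanged so LAN resolution keeps working."""
    name = qname.rstrip(".").lower()
    if name.endswith(LOCAL_SUFFIXES):
        return list(answers)
    own = {ipaddress.ip_address(a) for a in own_addresses}
    kept = []
    for rdata in answers:
        addr = ipaddress.ip_address(rdata)
        if addr in own or any(addr in net for net in INTERNAL_RANGES):
            continue  # would let a public name reach the router or the LAN
        kept.append(rdata)
    return kept


if __name__ == "__main__":
    # A rebinding answer set: the attack site's address plus the visitor's own WAN IP.
    print(scrub_dns_answers("attacker.example.", ["198.51.100.20", ROUTER_WAN_IP]))
    # A rebound request: browser connected to the router but named the attacker's site.
    print(host_header_allowed("attacker.example"), host_header_allowed("192.168.1.1:8080"))
```

The Host header check is the one that closes the hole on its own, since it does not depend on which address the browser resolved; the DNS scrub is defence in depth for routers that already proxy DNS for LAN clients.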
We will keep you posted on this site as to when Heffner's full details will be available from the Black Hat conference in Vegas.
Source: Seismic Internet Security Inc.