Is Your Router One In A Million?

Photo of author

Tim Higgins

You may have seen a Forbes article about the security exploit described in a Black Hat How to Hack Millions of Routers talk. But there is no need to panic.

Andy Greenberg’s Forbes article does a nice job of raising the red flag about a security issue that may still be lurking in many old routers sitting out there in the cloud.

The exploit that will be described in Craig Heffner’s Black Hat talk at the end of this month uses a DNS rebinding technique to redirect a web page to a vulnerable router’s web-based administration interface.

It’s important to note that the vulnerability being demonstrated in the talk is DNS rebinding. Routers just happen to be an attention-grabbing subject. As Heffner explained in this pfsense forum thread:

While my talk is focused on attacking routers, there is no exploit in any router per-se, and it is not necessarily restricted to attacking routers. The exploit is DNS rebinding, which circumvents the same-origin policy in a client’s Web browser by exploiting the trust inherently placed in the DNS protocol.

Also note that the talk summary clearly states that this only provides access to the router’s administrative interface; an attacker would still need to exploit the router or log in to it via default/weak credentials in order to do anything.

The Google Docs spreadsheet below containing the routers tested by Heffner shows relatively old routers that were vulnerable to the exploit (Successful = Yes). But of particular note is that DD-WRT V24 and OpenWRT Kamikaze r16206 are both vulnerable.

Whether or not your router is on the list, there is one simple way to lower your chances of being a victim of this exploit—change your router’s admin password to a strong one.

If you’re really into the subject, you might want to read an 2008 paper by Heffner and Derek Yap, Security Vulnerabilities in SOHO Routers. It describes the many vulnerabilities that still can be found in many routers.

Related posts

Ignorance is Bliss? An Introduction to Internet Security – Part 2

What you don't know won't hurt you, but on the Internet, nothing could be further from the truth. In Part 2 of his Internet Security series, Pat McKenna shows how a secure SSL "padlock" on your browser and a strong password might not always deliver what they seem to promise.

How You Are About To Become Responsible For Credit Card Fraud

3D Secure is the new protocol being developed by the main players in the credit card payments business to try to combat credit card fraud. The kicker, however, is that it shifts responsibility for the cost of fraud from the acquirers (merchants and their banks) to us - consumers and our banks. Pat McKenna shows you just what 3DS is all about.

Social Engineering: The Biggest Risk to Internet Security

We rely on security walls to keep intruders out, while leaving gates so that we can get in and out ourselves. Most hacking involves trying to break down or otherwise sneak past these gates, but the easiest way to get in is to convince the gatekeeper to open the door. In networking security circles, this is known as Social Engineering, and it's something you need to understand.