| By Robert Vamosi |
A report delivered at the 2010 Black Hat security conference detailed how hackers can exploit a firmware flaw in some popular home/small-business routers.
As if there were not enough ways to attack PCs, users should add this DNS vulnerability to their security checklist.
Hacker puts a new spin on rebinding attacks
For PC users, one of the more interesting discussions at this year’s Black Hat/DefCon security conferences (the largest and arguably best yearly U.S. security meet-ups) concerned security flaws in routers — the hardware I discussed in my latest Windows Secret Security Baseline update.
In a talk titled “How to hack millions of routers,” Seismic security researcher Craig Heffner demonstrated how a hacker could gain access to a common home router — then launch attacks on other devices on the router’s network or redirect a user’s browser to a malicious site.
Heffner found that, out of 30 popular routers he tested, at least 17 were vulnerable. Fortunately, none of these was recommended in the Security Baseline article.
The method of attack is through Domain Name System (DNS) rebinding (more info), a vulnerability known for some time. (IOActive researcher Dan Kaminsky spoke about DNS rebinding at the 2008 Black Hat.) Most browsers have built-in protections against rebinding attacks, but Heffner wrote a script that cleverly sidesteps those protections.
Whose router is vulnerable, whose is not
Included on the vulnerable list are several models of Linksys routers, including the popular WRT54G. (Hardware-version 3, firmware 3.03.9 is vulnerable, but the newer hardware-version 5, firmware 1.09 is not.) A Forbes blog includes a list of vulnerable models.