Dangerous new home router exploit
A summary is at Security Pro News and the source paper can be found here(pdf), but the exploit is a simple one:
- User visits website with malicious javascript
- Javascript changes DNS settings on routers with default passwords
- Hacker now owns the user’s Internet experience
Obviously, this is an easy hack to prevent, but how many users change their default password on their router? I occasionally check this when I see a ‘linksys’ or ‘netgear’ network. Unfortunately, if the network name is still the same so is the password 90% of the time.
The fascinating thing is that this change could be undetectable to the user. They could see a normal browsing experience, all while the hacker is attaching affiliate codes to links, or sending the user to the occasional spoofed phishing site.Related Posts
Comments Off on Dangerous new home router exploit
0 Comments
No comments yet.
RSS feed for comments on this post.
Sorry, the comment form is closed at this time.