Dangerous new home router exploit

Security by on February 19, 2007 at 2:41 pm

A summary is at Security Pro News and the source paper can be found here(pdf), but the exploit is a simple one:

  • User visits website with malicious javascript
  • Javascript changes DNS settings on routers with default passwords
  • Hacker now owns the user’s Internet experience

Obviously, this is an easy hack to prevent, but how many users change their default password on their router? I occasionally check this when I see a ‘linksys’ or ‘netgear’ network. Unfortunately, if the network name is still the same so is the password 90% of the time.

The fascinating thing is that this change could be undetectable to the user. They could see a normal browsing experience, all while the hacker is attaching affiliate codes to links, or sending the user to the occasional spoofed phishing site.


No comments yet.

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License. | Dave Naffziger's BlogDave & Iva Naffziger