Security

New Attack Hijacks DNS Traffic From 300,000 Routers 105

Posted by Unknown Lamer
from the something-had-to-replace-windows dept.
nk497 writes "Florida-based security firm Team Cymru said it was examining a widespread compromise of 300,000 consumer and small office/home office (SOHO) routers in Europe and Asia. The DNS server settings were changed to a pair of IP addresses, which correspond to Dutch machines that are registered to a company that lists its address in central London. The attack highlights the flaws in router firmware, the researchers said. 'It's not new as an issue to the InfoSec community but this is one of the biggest we've seen recently as it's quite insidious,' Cymru's Steve Santorelli said, adding the hack could let the attackers conduct man-in-the-middle attacks, impersonating your bank, for example."


  • by DigiShaman (671371) on Tuesday March 04, 2014 @01:34AM (#46394213) Homepage

    And just how are these 300,000+ routers being reprogrammed to use alternate malicious DNS settings? Is this conducted via some common firmware exploit, or dumb users leaving default admin password in place?

  • by EmperorArthur (1113223) on Tuesday March 04, 2014 @01:41AM (#46394243)

    And just how are these 300,000+ routers being reprogrammed to use alternate malicious DNS settings? Is this conducted via some common firmware exploit, or dumb users leaving default admin password in place?

    Either is quite possible, though default password issues require that a PC on the LAN already be infected.

    Newer routers, especially the router/modem combo units, seem to have a randomly generated password that's printed on the device label. They also tend to come with WPA2 turned on with another randomly generated password that's also on the label. Proof that you can make devices more secure by default.

  • by Todd Knarr (15451) on Tuesday March 04, 2014 @02:25AM (#46394351) Homepage

    No, as noted in the article they did not need to be logged into the router since the URLs used didn't require credentials. Yes, it's a horribly huge hole in security. Yes, it was left in undoubtedly because "the only way to get to those pages is through the login page so it's secure". Yaright.
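The design mistake Todd Knarr describes, shown as an added example that is not part of the article or any comment here and names no real router: a toy admin dispatcher whose settings handler is "protected" only by the fact that the UI links to it from the login page, next to a version that enforces the session check once, in front of every handler. All names (`Router`, `vulnerable_dispatch`, `hardened_dispatch`, the password and addresses) are constructed for the illustration; the DNS addresses are RFC 5737 documentation ranges.

```python
from dataclasses import dataclass, field
import secrets

# Constructed defaults: RFC 5737 documentation addresses stand in for the ISP resolvers.
DEFAULT_DNS = ("192.0.2.53", "192.0.2.54")


@dataclass
class Router:
    """Minimal state of a hypothetical SOHO router admin interface."""
    admin_password: str = "constructed-admin-password"
    dns_servers: tuple = DEFAULT_DNS
    sessions: set = field(default_factory=set)   # tokens issued by a successful login


def login(router, params):
    """Only handler that checks the password; returns a session token on success."""
    if params.get("password") != router.admin_password:
        return 401, None
    token = secrets.token_hex(16)
    router.sessions.add(token)
    return 200, token


def set_dns(router, params):
    """Settings handler. Note it does not look at the session at all."""
    router.dns_servers = (params["primary"], params["secondary"])
    return 200, None


ROUTES = {"/login": login, "/setdns": set_dns}
PUBLIC = {"/login"}   # pages legitimately reachable without a session


def vulnerable_dispatch(router, path, params, session=None):
    """Relies on the login page being the only link to /setdns.
    Any request that names the path directly bypasses the login entirely."""
    handler = ROUTES.get(path)
    if handler is None:
        return 404, None
    return handler(router, params)


def hardened_dispatch(router, path, params, session=None):
    """Authorisation is a property of the request, not of the page that linked
    to it: every non-public route requires a valid session before dispatch."""
    handler = ROUTES.get(path)
    if handler is None:
        return 404, None
    if path not in PUBLIC and session not in router.sessions:
        return 403, None
    return handler(router, params)
```

The point of the contrast is that the handler for the settings page is identical in both versions; what differs is whether the check is attached to the navigation (the login page) or to the request path itself. Auditing firmware for this class of bug means listing every reachable path and asking what enforces authentication for each one, not following the links in the UI.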

  • Re: wrong (Score:5, Interesting)

    by emilv (847905) on Tuesday March 04, 2014 @04:55AM (#46394733)

    The system used by most Swedish banks:

    * The bank website gives you a random number as a challenge
    * You input the number to a device together with your PIN (some banks also require you to insert your card into the device)
    * You get a new number from the device that you input on a web page

    The web pages are obviously encrypted with HTTPS using an EV-SSL certificate.

    It used to be that the challenge was an account number or an amount but that is no longer the case due to the possibility of a replay attack.
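A simulation of the three-step exchange emilv outlines, added here as an example that is not part of the comment and does not claim to be the algorithm any Swedish bank actually uses: the server issues a random one-time challenge, the device combines it with the PIN and a per-device secret, and the server accepts the resulting code exactly once. The HMAC-based response function, the PIN-derived key, and the names (`BankServer`, `Device`, `compute_response`) are assumptions chosen to make the replay property visible.

```python
import hashlib
import hmac
import secrets


def derive_key(device_secret: bytes, pin: str) -> bytes:
    """Assumed key derivation: both sides mix the device secret with the PIN,
    so a wrong PIN produces a different key and therefore a wrong code."""
    return hashlib.sha256(device_secret + pin.encode()).digest()


def compute_response(key: bytes, challenge: str) -> str:
    """Assumed response function: HMAC over the challenge, truncated to an
    8-digit code the user can type into the web page."""
    digest = hmac.new(key, challenge.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 10**8:08d}"


class Device:
    """The hand-held unit: holds the secret, takes challenge + PIN, shows a code."""
    def __init__(self, device_secret: bytes):
        self._secret = device_secret

    def respond(self, challenge: str, pin: str) -> str:
        return compute_response(derive_key(self._secret, pin), challenge)


class BankServer:
    """Issues random single-use challenges and verifies the typed-in code."""
    def __init__(self, device_secret: bytes, pin: str):
        self._key = derive_key(device_secret, pin)
        self._outstanding = {}   # user -> challenge currently awaiting a response

    def new_challenge(self, user: str) -> str:
        challenge = f"{secrets.randbelow(10**8):08d}"   # random, not derived from the transaction
        self._outstanding[user] = challenge
        return challenge

    def verify(self, user: str, response: str) -> bool:
        # Consume the challenge on the first attempt, right or wrong, so a
        # captured code cannot be submitted a second time.
        challenge = self._outstanding.pop(user, None)
        if challenge is None:
            return False
        return hmac.compare_digest(compute_response(self._key, challenge), response)


def run_session(server: BankServer, device: Device, user: str, pin: str) -> bool:
    """One complete login: challenge shown on the site, code from the device, verified."""
    challenge = server.new_challenge(user)
    return server.verify(user, device.respond(challenge, pin))
```

Two properties worth checking against any such scheme are visible in the code: a response is bound to one challenge and one PIN, and the server forgets the challenge after the first verification attempt, so replaying an observed code later fails regardless of whether the attacker also knows the old challenge.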
