New Attack Targets "Millions" of Home Routers

9 Comments

TheZomb

So what if you change the password on your router's config page from admin, admin? I really don't see how this will affect anyone that isn't already in danger of someone driving up to their house and changing their router's firmware from a laptop.

jgrimoldy

Sooo, what next?

What is the hacker going to do?  Set up port forwarding?  Change the router's DNS settings?  Is there something that a hacker can do to the router that won't be obvious when you check the config?  I'd imagine that most readers of MPC know how to check their config and they'd notice port forwarding that they didn't set up.  They'd also notice a change in their DNS.  They'd certainly notice if their admin credentials stopped working...

So, what is it?  Can the hacker do something to the router that you wouldn't notice when checking the config?

Can cascading routers (router into router) on a home network thwart this?

aviaggio

How long after seeing unusual behavior before you suspected the router? I'm thinking it would be pretty far down the list because most people, even MaxPC readers, are unaware they can be hacked. Your system could be compromised for weeks, perhaps even months, before you even realize there is a problem.

Biceps

So, can anyone tell me which routers are immune to this type of attack?  That would most likely be the most useful information here.... so that instead of constantly updating the firmware in my outdated router, I can just go buy one for which it isn't an issue.  Anyone?

fusa

As long as you change the router's login and password from the default to one that isn't easy to guess, all routers are immune.  The attack first has to compromise your browser, then try to gain access to the router through the browser.

aviaggio

The chart in the article shows not all routers are susceptible, including all of the D-Links he tested.

huhhuh

I had my first major problem with my now 6-month-old DIR-825.

I tried to get to a few different .com websites from my Mac, including Facebook and Flickr, but none were available - all were redirected to the DNS default set by my router, something like dlink search.

It persisted for a few hours, until I rebooted it.

Featherhead

Is this effective against routers running DD-WRT? Or Tomato or other for that matter? It didn't sound like he had tested it.

fusa

DD-WRT is on the list of tested firmwares and the hijack was successful, same for OpenWRT.  Tomato wasn't listed.

Although after reading DD-WRT's forums, their current version isn't vulnerable, unless you use the default login and password.  That is required to be changed anyway.
