Router Flaws Creates Easily Exploited Vulnerability
A flaw in millions of household routers has provided hackers with an easy access point to hack home networks or hijack websurfing sessions.
Later this month, Craig Heffner, a researcher at security consultancy Seismic, will detail the exploit at a conference in Las Vegas, which effects Linksys, Belkin and Dell, as well as other systems. The flaw is related to a DNS rebinding.
Heffner says he has found a new way to bring unsuspecting users to a malware-infected site which “JavaScript-based malware to penetrate private home networks supported by vulnerable hardware,” according to The Register.
According to a description on the BlackHat Conference website, Heffner’s talk will “demonstrate how many consumer routers can be exploited via DNS rebinding to gain interactive access to the router’s internal-facing administrative interface. Unlike other DNS rebinding techniques, this attack does not require prior knowledge of the target router or the router’s configuration settings such as make, model, internal IP address, host name, etc, and does not rely on any anti-DNS pinning techniques, thus circumventing existing DNS rebinding protections.”
Related posts:
