Quantcast
PC World: Technology Advice You Can Trust
Search
Browse by Topic
Subscribe to magazine

Magazine

Subscribe & Get
a Bonus CD

Customer Service

Find a Review
Dads & Grads Gift Guide Audio & Video Business Center Cameras Cell Phones & PDAs Communications Components & Upgrading Desktop PCs DVD & Hard Drives Gaming Hardware & Software HDTV Laptops Macs & iPods Monitors Printers Spyware & Security The PCW Test Center Windows Vista & XP
Resource Centers
Asus Notebook Center
CDW Solution Center
HP Ink Center
Intel Technology Center
Lenovo Laptop Showcase
Try It Free
White Paper Library
Webcast Library
Most Popular Search Terms
Most Popular Products
Most Popular Downloads
Free Newsletters
Receive the latest reviews, how-to's, news, and more.
Product Tips & Reviews
Security & Privacy
Daily Downloads
Go
WiFi Finder
Locate wireless services by a specific address, city, state, country, airport, or zip code.
RSS Feeds
Get our latest content via convenient RSS feeds.
Latest News
Today @ PC World
Become a PCW Member
Join the community and start enjoying the benefits:
  • Get tech advice from thousands of PC World Members
  • Rate and recommend the latest tech products
  • Share your thoughts in blog and article comments
  • Get free excerpts and exclusive discounts on Super Guides
Signing up is free and easy.
Read More About: Online SecurityCybercrimeSecurity

RSA Conference: Web Page Can Take Over Your Router

Robert McMillan, IDG News Service

Monday, April 07, 2008 5:07 PM PDT
Recommend this story?
Yes
No

Researcher Dan Kaminsky tomorrow will show attendees of the RSA security conference how a Web-based attack could be used to seize control of certain routers.

Kaminsky has spent the past year studying how design flaws in the way that browsers work with the Internet's Domain Name System (DNS) can be abused in order to get attackers behind the firewall.

But at the RSA Conference in San Francisco, he will demonstrate how this attack would work on widely used routers, including those made by Cisco's Linksys division and D-Link.

The technique, called a DNS rebinding attack, would work on virtually any device, including printers, that uses a default password and a Web-based administration interface, said Kaminsky, who is director of penetration testing with IOActive.

Here's how it would work. The victim would visit a malicious Web page that would use JavaScript code to trick the browser into making changes on the Web-based router configuration page. The JavaScript could tell the router to let the bad guys remotely administer the device, or it could force the router to download new firmware, again putting the router under the hacker's control.

Either way, the attacker would be able to control his victim's Internet communications.

The technical details of a DNS rebinding attack are complex, but essentially the attacker is taking advantage of the way the browser uses the DNS system to decide what parts of the network it can reach.

Although security researchers had known that this type of hack was theoretically possible, Kaminsky's demo will show that it can work in the real world, said David Ulevitch, CEO of DNS service provider OpenDNS. "I'm always a fan of when something that's theoretical gets made real, because it makes people act," he said.

On Tuesday, OpenDNS will offer users of its free service a way to prevent this type of attack, and the company will has a Web site to use Kaminsky's techniques to give users a way to change the passwords of vulnerable routers.

The attack "underscores the need for people to be able to have more intelligence on the DNS," Ulevitch said.

Although this particular attack takes advantage of the fact that routers often use default passwords that can be easily guessed by the hacker, there is no bug in the routers themselves, Kaminsky said. Rather, the issue is a "core browser bug," he said.

Routers Vulnerable

Router makers have known for some time how their default passwords can be misused by attackers. Three months ago, hackers showed how a similar attack could be launched, exploiting a flaw in the way Universal Plug-and-Play works on PCs.

Cisco tries hard to discourage Linksys customers from using routers with default passwords, said Trevor Bratton, a company spokesman. "One of the first things that our setup software does is change that default name," he said. "So anyone who does as we ask with the initial setup will be prompted to change that."

The problem is that home users rarely follow this advice, Kaminsky said. "The vast majority of home users have a device with a default password," he said.


Recommend this story?
Yes
No
Related Searches: rsa security router web attack

Comments
Related Content
Tags at a Glance
HP Ink Center
Bring improved color and brilliance to your printed material. Visit the Resource Center for more info...
CDW Solution Center
Deliver speed and scalability in your storage systems. Find out how at the CDW Solution Center.
Asus Notebook Center
Ultra-fashionable thin and light notebooks with SmartLogon Face Recognition. Find out more at the Asus Resource Center.
Intel Processor Technology
Which Intel Processor is Right for You?
Which Intel Processor is Right for You?Centrino, Core 2 Duo, Core 2 Quad, Core 2 Extreme? Check out the Intel Technology Center for more info...
Are you a gamer?
Are you a gamer?Visit the Intel's Gaming section for the latest downloads, hottest gaming events and to learn about Intel & Gaming.
See what Intel can do for Vista...
See what Intel can do for Vista...Discover how Windows Vista technology work in the benchmarks with Intel Centrino processor technology.
VoIP Web Demo
Join Altigen for a Live Web Demo and learn how VoIP technology can improve your business communications.
The Future Sales Force - A Consultative Approach
This white paper discusses the challenges of selling complex products and services, and the new skill sets sales professionals must employ.
Latest News
EBay Seller Pleads Guilty to Software Piracy Charges
A 23-year-old Oregon man has pleaded guilty to charges that he used identity theft to set up bogus accounts on eBay, where he... 15-May-2008
Telecom: Nice to Have or Basic Necessity?
It's been a busy week for organizations like Telecoms Sans Frontiers (TSF). With two natural disasters in quick succession --... 15-May-2008
RocketRAID 3522 Card Update Supports Mac Pro Booting
HighPoint Technologies has introduced a new firmware update for its RocketRAID 3522 host controller card to support booting on... 15-May-2008
Battlestations: Midway Coming to Mac in June
Feral Interactive has announced plans to ship a Macintosh conversion of Battlestations: Midway. The new game will be released... 15-May-2008
Text of Carl Icahn's Letter to Roy Bostock
Carl Icahn released his letter to the Yahoo board Thursday. Here is the full text of the letter: 15-May-2008
Icahn Takes on Yahoo Board
Billionaire investor Carl Icahn has sent a letter to Yahoo's board announcing he is nominating 10 candidates to replace all... 15-May-2008
What Visual Basic’s Office Return Means for Mac IT
Microsoft's Mac Business Unit overshadowed the release of an Office 2008 update by announcing a feature that won't even be... 15-May-2008
Wannabe Hackers Can Now Rent-a-Botnet
Online fraudsters that aren't highly skilled in the arts of cyber crime can now rent a service that offers an all-in-one... 15-May-2008
Aliph Rolls out New Smaller Jawbone Bluetooth Headset
Aliph's sleek Jawbone Bluetooth headset has been a popular accessory for iPhone users since its introduction last year. Now... 15-May-2008
Adobe Introduces Flash Player 10 Beta
Adobe Systems on Thursday released a public beta version of Flash Player 10. It's available for Mac OS X, Windows and Linux... 15-May-2008

PC World's Marketplace

PC World's Free Whitepapers

Name City
Address 1 State Zip
Address 2 E-mail (optional)