Slashdot Mirror

← Back to Stories (view on slashdot.org)

Drive-By Pharming Attack Could Hit Home Networks

Posted by Zonk on from the dive-behind-the-router dept.

Rob wrote in with a link to a CBR Online article discussing drive-by pharming, a new exploitation technique developed by Indiana University and Symantec Corporation. While it's not known if the technique is in use 'in the wild', the exploit could easily co-opt the web-browsing habits of a user that had not properly configured their router. "The attack works because most of the popular home routers ship with default passwords, default internal IP address ranges, and web-based configuration interfaces. The exploit is a single line of JavaScript loaded with a default router IP address, a default password, and an HTTP query designed to reconfigure the router to use the attacker's DNS servers." The article goes on to discuss several related and more advanced techniques related to this one, which security companies will have to keep in mind to guard against future attacks.

2 of 185 comments (clear)

  1. Legal issues by Reverse+Gear · · Score: 5, Informative

    My sister is a lawyer, I imagine she is not the only one that has dealt with something related to this.

    Right now she has a client that is being sued for quite an amount of money by the music industry for downloading lots of music through P2P services. He claims he never did this, that he never listens to music on his computer.

    It turns out that he lives in an apartment block, knows very little about computers in general, but thought that this things with wireless network was really fancy. I think you can figure out the rest of that story, my sister has quite a few troubles convincing the music industry what is obvious, I don't know what the outcome of this case is and if it has been taken to court yet.

    According to Danish law he probably has some responsibility and will, even if my sister successfully proves that he did not do the illegal downloading, still somehow get punished for this.

    I think there are many interesting legal issues in this.

  2. This isn't about wireless access! by JackHoffman · · Score: 5, Informative

    There seems to be a misconception that the attack somehow involves WLAN access, probably because the headline describes it as a "drive-by" attack. That isn't meant literally though: Drive-by means that the user's network is hacked when the user visits a website, in passing. The attack works by having a webpage make the browser access the router's configuration interface. Since the configuration interface usually isn't accessible from the internet side of the router, the attacker needs an inside computer to reflect the requests. Since the configuration interface is a webpage, the natural reflector choice is the user's browser. The attacker just needs to create a popular webpage and include "remote" elements which access router interfaces with default login credentials.

    This attack also applies to non-wireless routers and routers with properly secured or disabled wireless LANs. The critical flaw is to leave a default password on the configuration interface. The interface is not safe from external attacks just because it's firewalled on the external interface.