Drive-By Pharming Attack Could Hit Home Networks
Rob wrote in with a link to a CBR Online article discussing drive-by pharming, a new exploitation technique developed by Indiana University and Symantec Corporation. While it's not known if the technique is in use 'in the wild', the exploit could easily co-opt the web-browsing habits of a user that had not properly configured their router. "The attack works because most of the popular home routers ship with default passwords, default internal IP address ranges, and web-based configuration interfaces. The exploit is a single line of JavaScript loaded with a default router IP address, a default password, and an HTTP query designed to reconfigure the router to use the attacker's DNS servers." The article goes on to discuss several related and more advanced techniques related to this one, which security companies will have to keep in mind to guard against future attacks.
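A defender-side check for the outcome described above, as an added example that is not from the article or the researchers: it compares the DNS servers a client and a router are actually using against the resolvers you expect. The key=value router export format, the function names and all addresses (documentation ranges, constructed) are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 ranges: a resolver here is normally the home router's own DNS forwarder.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed sample: resolv.conf-style text as seen on a client.
SAMPLE_RESOLV = "# from DHCP\nnameserver 192.168.1.1\nnameserver 203.0.113.53\nnameserver not-an-ip\n"
# Constructed sample: router settings export in a hypothetical key=value format.
SAMPLE_ROUTER = "lan_ip=192.168.1.1\nwan_dns1=198.51.100.10\nwan_dns2=203.0.113.53\n"
# Constructed sample: the resolvers the owner expects (ISP or chosen provider).
SAMPLE_EXPECTED = ["198.51.100.10", "198.51.100.11"]

def to_ip(text):
    """Parse an address, returning None for malformed input instead of raising."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None

def client_resolvers(resolv_text):
    """Nameserver addresses from resolv.conf-style text; comments and bad lines are skipped."""
    out = []
    for line in resolv_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            out.append(to_ip(fields[1]))
    return [a for a in out if a is not None]

def router_upstreams(export_text):
    """Upstream DNS addresses from the hypothetical export (keys starting with wan_dns)."""
    out = []
    for line in export_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().startswith("wan_dns"):
            out.append(to_ip(value))
    return [a for a in out if a is not None]

def classify(addr, gateway, expected):
    if addr in expected:
        return "expected"
    if addr == gateway:
        return "router-forwarder"   # fine only if the router's own upstreams are expected
    if any(addr in net for net in RFC1918):
        return "unknown-lan-host"
    return "UNEXPECTED"             # resolver nobody configured on purpose

def audit(resolv_text, export_text, gateway, expected):
    gw = ipaddress.ip_address(gateway)
    allowed = {ipaddress.ip_address(e) for e in expected}
    sources = (("client", client_resolvers(resolv_text)), ("router", router_upstreams(export_text)))
    return [(src, str(a), classify(a, gw, allowed)) for src, addrs in sources for a in addrs]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RESOLV, SAMPLE_ROUTER, "192.168.1.1", SAMPLE_EXPECTED):
        print(*finding)
```

A client that only lists the router as its resolver still depends on the router's upstream setting, which is why both layers are checked.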
1. When a registrar uploads data to root DNS servers, it also puts some hash of the numbers in a lookup table.
2. Browsers are modified to look up these hashes in #1 to determine if the DNS servers it is talking to are ok.
The net needs to be more secure and there need to be more checks in place through authoritative sources.
This pharming attack reminds me of when I first installed the doorbell on my house. Every once in a while it would go off and nobody was at our door. It turned out that the people across the street had the same doorbell set to the default settings.
It came from the factory with a random 10-digit WEP password and with wireless disabled by default. If 2Wire can do this, so can everyone else.
Enjoy Every Sandwich
This raises a question: if you are using your wireless card and notice that your neighbor has a wide-open access point, how do you educate them without being seen as a suspect or nosy? I have one such neighbor, and I have considered logging into their wide-open AP and rebooting it or setting WEP keys or some such, but such measures would of course fail, since they are clueless. I have also considered going full-stealth and printing up a quick wireless security tutorial on a printer not linkable to me, and taping the tutorial to their door. But, it's not worth the trouble to me, but it could be a big deal to them one day. In this litigious day, that's why I'm posting as AC.
If you really can't remember, there is nothing wrong with taping the password to the bottom of your router. If the attacker can gain physical access to your router you have a much bigger problem than wireless security.
You shouldn't do this at your workplace, but at home it is acceptable...
I don't do this; I know the (strong) password of my Access Point.
The fun part is when you set up your router with the newest DD-WRT beta release. I have it broadcasting about 30 SSIDs, all of them with default router names and no WEP. Then you set the nocatauth to redirect all traffic to a splash page that simply says "YOU ARE A MORON". Then I leave it disconnected except for power in my attic with the power turned up and some nice high gain antennas.
After 30 days the number of default configuration routers in my neighborhood dropped significantly. I forced them all to reconfigure it to at least change the name so they can find theirs; many actually added WEP, some added WPA.
Do not look at laser with remaining good eye.
Could you imagine what would happen if Master Lock created padlocks that all had the same combo to start with, and required you to change them? I totally agree!
What are we going to do tonight Brain?