NEWS CATEGORIES:

NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>

Find us on Google+

Home > News > Security > Hacking News

July 14th, 2010, 08:53 GMT · By Lucian Constantin

DNS Rebinding Attack Can Be Used to Hack Home Routers

Adjust text size:

Automated home router hacking tool to be released at Black Hat

A security researcher has devised a special attack that can be used to access the LAN-facing admin interfaces of many widely used home router models. The technique is a variation of DNS rebinding, but is able to bypass traditional protections against such attacks.

The attack method will be demonstrated at the upcoming Black Hat technical security conference in Las Vegas, by a ethical hacker named Craig Heffner, who currently works as a senior security engineer at Seismic. Heffner's presentation, called “How to Hack Millions of Routers” will be accompanied by the release of a tool which automates the attack.

According to the presentation notes this tool “allows an external attacker to browse the Web-based interface of a victim's router in real time, just as if the attacker were sitting on the victim's LAN. This can be used to exploit vulnerabilities in the router, or to simply log in with the router's default credentials.”

DNS rebinding attacks have been known for well over a decade and usually involve subverting a browser's same-origin policy for code that executes on the client side, such as JavaScript, Java or Flash. This is achieved by serving extremely short-lived DNS responses for a hostname and quickly switching from an external IP address to that of the victim's LAN one. This will allow code to be executed in the context of the internal network.

Heffner's attack, which promises to circumvent existent DNS rebinding protections, is router-model-independent and does not employ any anti-DNS pinning techniques. The attack has been tested successfully on routers manufactured by Linksys, Belkin, ActionTec, Thompson, Asus and Dell, as well as those running Linux- or FreeBSD-based open source firmware like DD-WRT, OpenWRT and PFSense.

The ActionTec MI424-WR model provided by Verizon to its FiOS customers, will be of special interest in the presentation. The researcher plans to demonstrate how his attack can be used to obtain a remote root shell on this widely deployed router.

You can follow the editor on Twitter @lconstantin

FILED UNDER:

TELL US WHAT YOU THINK:

6,566 hits · 1 comment · Link to this article · Print article · Send to friend · Subscribe to news

MUST-READ RELATED ARTICLES:

Memory-Resident Malware Infects Routers

Juniper Warns of Critical Vulnerability in Its Routers

Thousands of Time Warner Routers Still Vulnerable

Lack of Security in Routers Distributed by Time Warner

Wireless Routers Running DD-WRT Vulnerable

READER COMMENTS:

Comment #1 by: Rahul Tyagi on 14 Aug 2010, 17:37 UTC	reply to this comment
Hope in India its not abbig problem because people at home using no security here, no SSID hiding,no encryption on and yup the worst no authentication. people are not much awared with these sort of wireless threats, and yup the concept of WAR Driving is a question like "Water on Mars"

SUBMIT PROGRAM \| ADVERTISE \| GET HELP \| SEND US FEEDBACK \| RSS FEEDS \| UPDATE YOUR SOFTWARE \| ROMANIAN FORUM
© 2001 - 2012 Softpedia. All rights reserved. Softpedia® and the Softpedia® logo are registered trademarks of SoftNews NET SRL.	Copyright Information \| Privacy Policy \| Terms of Use