When OS X can’t protect you: attacking routers before computers

April 7, 2008

When OS X can't protect you: attacking routers before computersWhat happens when an attacker’s target isn’t a PC but rather the router protecting it? In such a case, the attacker would take control of the router and could possibly trick any connected device into doing a number of things. After spending the last year studying the Web’s Domain Name System, Researcher Dan Kaminsky claims this is possible in a real-world environment and will publicly demonstrate the hack on Tuesday.

It’s called a DNS binding attack, and up until recently, it wasn’t considered a real-world possibility. The hack requires the attacker to assemble a site with a special set of malicious JavaScript, which — when visited — would fool the browser into making any number of changes on the router’s Web-based configuration page, says InfoWorld.

A major component in the attack is that special Web-based configuration page, which many home routers and other devices — such as printers — utilize in order provide a pleasant GUI for managing the network. It’s this configuration page the malicious site would attack, giving the attacker control of your network’s security — scary. Kaminsky will demonstrate the attack during an RSA Conference on April 8, 2008.

He points out that there is no "bug" in routers that allows this attack. Instead the major problem rests in the way browsers work and that many default (and bad non-default passwords) for these configuration pages can be guessed.

Perhaps what’s scariest is that many users rely on the software installed on their machines to protect them. In the case of Mac users, OS X feels as safe its going to feel and Windows users tend to spend a decent effort on keeping their machines clean and safe, but none of that matters for an attack like this.

Be Sociable, Share!

Leave a Reply:


Recent stories

Featured stories

RSS Windows news

RSS Mac news

RSS iPad news

RSS iPhone & Touch

RSS Mobile technology news

RSS Tablet computer news

RSS Buying guides

RSS PS3/Wii/Xbox 360

RSS Green technology

RSS Photography

Featured Content

Archives

Copyright © 2014 Blorge.com NS