We're pretty sure that many of the people reading this article own and actively use a home wireless router, which makes the threat all the more serious. If security researcher Craig Heffner from Seismic is right (and we don't really see why he'd come up with such a story unless it was true and potentially dangerous), then your device, and millions like it from various manufacturers around the world, might be in serious danger due to a DNS-related security flaw.
At the upcoming Black Hat security conference, the security researcher will demonstrate an exploit he came across that can be used against consumer-grade routers and that uses DNS rebinding to gain interactive access to the router's internal-facing administrative interface. Things look pretty bad, in fact, since Heffner claims that “unlike other DNS rebinding techniques, this attack does not require prior knowledge of the target router or the router's configuration settings such as make, model, internal IP address, host name, etc, and does not rely on any anti-DNS pinning techniques, thus circumventing existing DNS rebinding protections.”
As things usually go in these cases, the security researcher from Seismic has also developed (and is going to demonstrate at Black Hat) a tool that "completely automates the described attack and allows an external attacker to browse the Web-based interface of a victim's router in real time, just as if the attacker were sitting on the victim's LAN. This can be used to exploit vulnerabilities in the router, or to simply log in with the router's default credentials."
Confirmed affected routers include models manufactured by Linksys, Belkin, ActionTec, Thompson, Asus and Dell, as well as those running third-party firmware such as OpenWRT, DD-WRT and PFSense. In other words, we're talking about millions of devices from all over the world, which paints a pretty bleak picture. All we can hope right now is that the respective networking device manufacturers will attend Mr. Heffner's presentation, and maybe issue a fix for this problem as soon as possible.
Follow me on Twitter @AlexVochin.