Router vulnerability (potential)

In February, researchers at Indiana University and Symantec documented a new attack approach in which an Internet user need only visit a bad guy’s web site to become a potential victim of a variety of crimes, possibly including identity theft. At the very least, it exposes any and all information that you send over the Internet to snooping by unknown parties. The attack uses JavaScript to change settings in your router so that all of your Internet traffic is sent through the bad guys’ computer system. Once your router has been compromised, the problem is very difficult to detect, since everything will appear to act normally. The various antivirus, antispyware, etc. measures cannot detect this attack at present, and are unlikely to detect a compromised router in the future.
The fix: MAKE SURE YOU HAVE CHANGED YOUR ROUTER’S ADMINISTRATOR PASSWORD FROM ITS FACTORY DEFAULT SETTING!! While you’re at it, be sure you’ve enabled encryption on your wireless.
Of course, you should also check the DNS settings in your router to be certain they belong to your ISP. If this doesn’t make sense to you, get a professional involved.
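One way to do that DNS check, as an added example that is not from the original post or the referenced report: paste the DNS servers shown on your router's status page and compare them against the resolver ranges your ISP publishes. The ISP ranges and the sample server list below are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed placeholders: replace with the resolver ranges your ISP publishes.
ISP_RESOLVER_RANGES = ["198.51.100.0/24", "2001:db8:53::/48"]
# LAN, loopback and link-local ranges: an address here is a local forwarder.
LOCAL_RANGES = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                "169.254.0.0/16", "127.0.0.0/8", "fc00::/7", "fe80::/10", "::1/128"]
# Constructed sample: DNS servers copied from a router status page.
SAMPLE_ROUTER_DNS = """\
# primary / secondary DNS as shown by the router
nameserver 198.51.100.10
nameserver 203.0.113.66
nameserver 192.168.1.1
nameserver not-an-ip
"""

def parse_nameservers(text):
    """Return the address of each 'nameserver' line, ignoring comments."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def in_any(addr, ranges):
    """True if addr falls inside one of the CIDR ranges of the same IP version."""
    nets = (ipaddress.ip_network(r) for r in ranges)
    return any(addr.version == n.version and addr in n for n in nets)

def classify(server, isp_ranges):
    """Classify one DNS server as 'isp', 'local', 'unexpected' or 'invalid'."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return "invalid"
    if in_any(addr, isp_ranges):
        return "isp"
    # A local address only means something on the LAN forwards the queries;
    # it says nothing about which upstream server the router itself uses.
    if in_any(addr, LOCAL_RANGES):
        return "local"
    return "unexpected"

def audit(text, isp_ranges):
    """Map every listed DNS server to its classification."""
    return {s: classify(s, isp_ranges) for s in parse_nameservers(text)}

if __name__ == "__main__":
    for server, verdict in audit(SAMPLE_ROUTER_DNS, ISP_RESOLVER_RANGES).items():
        print(f"{server:20} {verdict}")
```

A "local" result on a PC is normal, which is why the check has to be made against the values on the router's own settings page; anything "unexpected" there deserves a closer look.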
Technical reference: http://www.cs.indiana.edu/pub/techreports/TR641.pdf (checked 2/27/07)

1 comment so far

  1. [...] It seems the ISP’s tech support decided that the best course of action would be to reset the router to its factory settings, so they could set up auto-login to their system. This means any and all security settings I had in place for my customer went out the window. (I co-posted a note on router security and default admin passwords here.) [...]

