For the first time, DNS redirection attacks against small office and home office (SOHO) routers are being delivered via exploit kits. French security researcher Kafeine said an offshoot of the Sweet Orange kit has been finding success in driving traffic from compromised routers to the attackers' infrastructure. The risk to users is substantial, he said, ranging from financial loss to click-fraud, man-in-the-middle attacks and phishing.
Perhaps it's time to demand OpenWrt compatibility? It's without backdoors by design, with continuous bug fixes, IPv6 support and unrestrained configuration capability. Embedded boxes seem to have a poor track record on bugs, transparency and robustness.
(Score: 2) by Nerdfest on Wednesday May 27 2015, @03:31PM
Typically there is authentication required, but many people will leave their session authenticated and few change their router's IP address, which goes a long way towards mitigating the problem as well. Not allowing CSRF exploits would be the proper solution, but even just requiring re-authentication before setup changes would also help.
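The two server-side measures named in the comment above (refusing cross-site requests and requiring re-authentication before setup changes), as an added example that is not part of the original thread and is not any vendor's firmware code. The paths, the 120-second window, and the request and session dict shapes are assumptions made for illustration.

```python
import hmac
from urllib.parse import urlsplit

REAUTH_WINDOW = 120  # assumed: seconds a password re-entry stays valid
SENSITIVE = {"/apply/dns", "/apply/wan", "/apply/password"}  # hypothetical paths


def check_config_change(req, session, now):
    """Return (allowed, reason) for a state-changing admin request."""
    hdrs = req["headers"]  # header names lower-cased by the caller
    if req["method"] != "POST":
        return False, "state changes must use POST"
    # 1. Same-origin check: the browser sets Origin/Referer itself, so a page
    #    on another site cannot make them name the router's own host.
    source = hdrs.get("origin") or hdrs.get("referer")
    if not source or urlsplit(source).netloc != hdrs.get("host"):
        return False, "cross-site request"
    # 2. Per-session CSRF token, compared in constant time.
    sent = req["form"].get("csrf_token", "")
    if not hmac.compare_digest(sent.encode(), session["csrf_token"].encode()):
        return False, "bad CSRF token"
    # 3. Sensitive settings need a recent password re-entry, so a session
    #    that was simply left logged in is not enough on its own.
    if req["path"] in SENSITIVE and now - session["last_auth"] > REAUTH_WINDOW:
        return False, "re-authentication required"
    return True, "ok"


# Constructed sample data: a session whose password was last entered at t=1000.
SESSION = {"csrf_token": "constructed-token-7f3a", "last_auth": 1_000}
FORGED = {"method": "POST", "path": "/apply/dns",
          "headers": {"host": "192.168.1.1", "origin": "http://ads.example"},
          "form": {"dns1": "203.0.113.53"}}
LEGIT = {"method": "POST", "path": "/apply/dns",
         "headers": {"host": "192.168.1.1", "origin": "http://192.168.1.1"},
         "form": {"dns1": "192.0.2.53", "csrf_token": "constructed-token-7f3a"}}

if __name__ == "__main__":
    print(check_config_change(FORGED, SESSION, now=4_600))  # forged, stale session
    print(check_config_change(LEGIT, SESSION, now=4_600))   # owner, stale session
    print(check_config_change(LEGIT, SESSION, now=1_060))   # owner, just re-entered
```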
(Score: 0) by Anonymous Coward on Wednesday May 27 2015, @04:16PM
If you read about the exploit, they actually use Chrome as the primary vector because it allows it to discover info on the LAN, including IP address and the gateway's address.
(Score: 2) by frojack on Wednesday May 27 2015, @06:06PM
Well at least routers aren't shipped with standard passwords any more. The default password is encoded to the serial number on any modern router.
The configuration capability is usually restricted to a LAN port. The exception is those routers you get from any ISP. They almost always have some sort of remote management capability.
Personally, I move all routing and DNS services into a Linux box. I use Wi-Fi routers as Access Points only. In the few cases that I ever have a carrier-provided router/modem I set it for pass-through operation and feed a Linux or OpenBSD box configured as a router gateway.
No, you are mistaken. I've always had this sig.