Security researchers will demonstrate how a web page can
be armed to take control of network routers at today's RSA security conference.
Researcher Dan Kaminsky will show how browser flaws can be used
to get hackers past corporate firewalls by compromising the Internet's
Domain Name System (DNS).
At the root of web security is the same-origin policy, under which
web pages run within a sandbox and are prevented from infecting
other web pages. Under this policy, content can communicate
with other content only if both come from the same host name.
"But one name can be mapped via DNS to many IP addresses, some
local and others not. The effect? You come to my webpage, and I can
establish a VPN onto your LAN. And that's only the beginning," said
Kaminsky.
The attack, called a DNS rebinding attack,
would work on devices connected to a network, such as printers,
that use a default password and a web-based admin interface, said
Kaminsky, director of penetration testing with IOActive.
The victim would visit a web page tripwired with JavaScript to
make the browser change settings on the web-based router admin
page. The JavaScript could allow hackers to take remote control of
the device, or force the router to download further software.
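
Because the attack depends on one external name resolving to a LAN address, a resolver or log pipeline can flag such answers. The following is an added example, not code from Kaminsky or the article; the sample answers, the `INTERNAL_SUFFIXES` allowlist and the function names are constructed assumptions.

```python
import ipaddress

# Address ranges treated as "local" (RFC 1918, loopback, link-local).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Assumption: names under these suffixes legitimately resolve to LAN addresses.
INTERNAL_SUFFIXES = (".corp.internal",)

# Constructed sample of resolver answers: (query name, answer address).
SAMPLE_ANSWERS = [
    ("www.example.com", "198.51.100.20"),
    ("rebind.example.net", "203.0.113.10"),   # first answer: external host
    ("rebind.example.net", "192.168.1.1"),    # later answer: router on the LAN
    ("printer.corp.internal", "10.0.4.20"),   # expected internal name
    ("lan.example.org.", "127.0.0.1"),        # external name, local-only answer
]

def is_local(addr):
    """True if addr falls inside one of the LOCAL_NETS ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)

def find_rebinding_candidates(answers, internal_suffixes=INTERNAL_SUFFIXES):
    """Return {name: reason} for external names that resolve to local addresses.

    reason is "mixed" when the same name also returned a non-local address
    (the pattern the article describes) and "local-only" otherwise.
    """
    seen = {}
    for name, addr in answers:
        name = name.lower().rstrip(".")       # normalise case and trailing dot
        entry = seen.setdefault(name, {"local": set(), "remote": set()})
        entry["local" if is_local(addr) else "remote"].add(addr)

    findings = {}
    for name, entry in seen.items():
        if name.endswith(internal_suffixes) or not entry["local"]:
            continue                          # allowlisted or never local
        findings[name] = "mixed" if entry["remote"] else "local-only"
    return findings

if __name__ == "__main__":
    for name, reason in find_rebinding_candidates(SAMPLE_ANSWERS).items():
        print(f"possible DNS rebinding: {name} ({reason})")
```

Dropping or alerting on the flagged answers at the resolver complements changing default passwords on devices with web-based admin interfaces.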