Home routers are open to remote attack

News

Home routers are open to remote attack

Antony Savvas

Researchers at Indiana University in the US have warned that home routers are at risk of being compromised by remote hackers.

They have demonstrated that users could open up their router’s traffic as a result of visiting a web page loaded with malicious javascript.

The malware would allow remote attackers to change the settings on a user’s router, to enable them to steal data and/or cause denial of service attacks.

The researchers have demonstrated the threat using a variety of home routers from different suppliers, and internet security firm Symantec has confirmed the threat using its own tests.

The security opening is down to users not changing the default passwords in their routers when installing them.

The researchers said, “Settings on the router can be changed, including the DNS servers used by members of small, quickly erected internal networks. The attacks do not exploit any vulnerabilities in the user's browser. Instead, all they require is that the browser run JavaScript and Java Applets.”

While the threat to home routers is real, said the researchers, no actual attacks have so far taken place. Users would also first have to be persuaded to visit a malicious website for any attack to take place.

Details of the threat can be viewed at: http://www.cs.indiana.edu/pub/techreports/TR641.pdf

Comment on this article: computer.weekly@rbi.co.uk


David Lacey’s security blog
The latest ideas, best practices, and business issues associated with managing security
http://www.computerweekly.com/blogs/david_lacey/

 


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy