RSA conference shows how a web page can take over your router

Security researchers will demonstrate how a web page can be armed to take control of network routers at today's RSA security conference.

Researcher Dan Kaminsky will show how browser flaws can be used to get hackers past corporate firewalls by compromising the Internet's Domain Name System (DNS).

At the root of web security is the same-origin policy, under which web pages run within a sandbox and are prevented from infecting other web pages. Under this policy, a page can communicate with other resources, including most network equipment, only if they come from the same host name.

"But one name can be mapped via DNS to many IP addresses, some local and others not. The effect? You come to my webpage, and I can establish a VPN onto your LAN. And that's only the beginning," said Kaminsky.

The attack, called a DNS rebinding attack, would work on devices connected to a network, such as printers, that use a default password and a web-based admin interface, said Kaminsky, director of penetration testing with IOActive.

The victim would visit a web page trip-wired with JavaScript to make the browser change settings on the web-based router admin page. The JavaScript could allow hackers to take remote control of the device, or force the router to download further software.
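A defensive check for the condition Kaminsky describes, where one external name is mapped to local addresses, as an added example that is not from the article or from IOActive. The resolver log format, the internal zone suffix and the sample records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample resolver log: (timestamp, client, queried name, answer IP).
SAMPLE_LOG = [
    (100, "10.0.0.5", "cdn.example.net", "203.0.113.10"),
    (101, "10.0.0.5", "cdn.example.net", "203.0.113.11"),
    (110, "10.0.0.7", "a1.rebind.example", "198.51.100.20"),
    (112, "10.0.0.7", "a1.rebind.example", "192.168.1.1"),
    (120, "10.0.0.9", "printer.corp.example", "10.0.3.15"),
    (130, "10.0.0.9", "b2.rebind.example", "127.0.0.1"),
]

# Assumption: names under these suffixes are internal zones allowed to resolve locally.
LOCAL_ZONES = (".corp.example",)

# Address ranges that should never appear in answers for external names.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "0.0.0.0/8", "::1/128", "fc00::/7", "fe80::/10")]


def is_internal(addr):
    """True if addr is loopback, link-local or private (IPv4 or IPv6)."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so it cannot bypass the check.
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    return any(ip.version == net.version and ip in net for net in INTERNAL_NETS)


def find_rebinding(log, local_zones=LOCAL_ZONES):
    """Return {name: verdict} for external names that received internal answers."""
    answers = defaultdict(list)
    for _ts, _client, name, addr in log:
        answers[name.lower().rstrip(".")].append(is_internal(addr))
    findings = {}
    for name, flags in answers.items():
        if name.endswith(local_zones) or not any(flags):
            continue  # internal zone, or only external answers: nothing to flag
        # Mixed answers: one name mapped to both external and local addresses.
        findings[name] = "internal only" if all(flags) else "mixed external/internal"
    return findings


if __name__ == "__main__":
    for name, verdict in find_rebinding(SAMPLE_LOG).items():
        print(f"suspicious: {name} ({verdict})")
```

A resolver applying the same test can drop such answers before the browser sees them.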



