At the end of this month, the annual Black Hat security conference will be held in Las Vegas.
You may feel this event has nothing to do with you, but one of the topics from Craig Heffner will shock you:
How to Hack Millions of Routers
In the briefing, he said:
This talk will demonstrate how many consumer routers can be exploited via DNS rebinding to gain interactive access to the router's internal-facing administrative interface. Unlike other DNS rebinding techniques, this attack does not require prior knowledge of the target router or the router's configuration settings such as make, model, internal IP address, host name, etc, and does not rely on any anti-DNS pinning techniques, thus circumventing existing DNS rebinding protections.
A tool release will accompany the presentation that completely automates the described attack and allows an external attacker to browse the Web-based interface of a victim's router in real time, just as if the attacker were sitting on the victim's LAN. This can be used to exploit vulnerabilities in the router, or to simply log in with the router's default credentials. A live demonstration will show how to pop a remote root shell on Verizon FIOS routers (ActionTec MI424-WR).
Confirmed affected routers include models manufactured by Linksys, Belkin, ActionTec, Thompson, Asus and Dell, as well as those running third-party firmware such as OpenWRT, DD-WRT and PFSense.
Here are the test results for a list of routers:
| Vendor | Model | H/W Version | F/W Version | Successful |
|---|---|---|---|---|
| ActionTec | MI424-WR | Rev. C | 4.0.16.1.56.0.10.11.6 | YES |
| ActionTec | MI424-WR | Rev. D | 4.0.16.1.56.0.10.11.6 | YES |
| ActionTec | GT704-WG | N/A | 3.20.3.3.5.0.9.2.9 | YES |
| ActionTec | GT701-WG | E | 3.60.2.0.6.3 | YES |
| Asus | WL-520gU | N/A | N/A | YES |
| Belkin | F5D7230-4 | 2000 | 4.05.03 | YES |
| Belkin | F5D7230-4 | 6000 | N/A | NO |
| Belkin | F5D7234-4 | N/A | 5.00.12 | NO |
| Belkin | F5D8233-4v3 | 3000 | 3.01.10 | NO |
| Belkin | F5D6231-4 | 1 | 2.00.002 | NO |
| D-Link | DI-524 | C1 | 3.23 | NO |
| D-Link | DI-624 | N/A | 2.50DDM | NO |
| D-Link | DIR-628 | A2 | 1.22NA | NO |
| D-Link | DIR-320 | A1 | 1 | NO |
| D-Link | DIR-655 | A1 | 1.30EA | NO |
| DD-WRT | N/A | N/A | v24 | YES |
| Dell | TrueMobile 2300 | N/A | 5.1.1.6 | YES |
| Linksys | BEFW11S4 | 1 | 1.37.2 | YES |
| Linksys | BEFSR41 | 4.3 | 2.00.02 | YES |
| Linksys | WRT54G3G-ST | N/A | N/A | YES |
| Linksys | WRT54G2 | N/A | N/A | NO |
| Linksys | WRT160N | 1.1 | 1.02.2 | YES |
| Linksys | WRT54G | 3 | 3.03.9 | YES |
| Linksys | WRT54G | 5 | 1.00.4 | NO |
| Linksys | WRT54GL | N/A | N/A | YES |
| Netgear | WGR614 | 9 | N/A | NO |
| Netgear | WNR834B | 2 | 2.1.13_2.1.13NA | NO |
| OpenWRT | N/A | N/A | Kamikaze r16206 | YES |
| PFSense | N/A | N/A | 1.2.3-RC3 | YES |
| Thomson | ST585 | 6sl | 6.2.2.29.2 | YES |
If your home router is not on this list, or appears to be safe for now, that doesn't mean there is no risk.
The technical details are not the point I want to discuss in this article, and you may have no interest in them at all. As far as I know, many people treat computers and computer-driven appliances like traditional devices. However, these 'smart' devices will never be perfect. Bugs will be found after consumers have bought them. Unfortunately, most consumers never maintain their computers or similar devices until problems occur. This is the same as a driver who lacks a sense of road safety. The biggest weakness is not in routers or anywhere else, but in people's minds!
So, what are you waiting for? Take action as soon as possible, before trouble comes to you!