igotspam

Hackers Targeting Routers Next?

Filed in archive Security measures on March 8, 2008

Hackers Targeting Routers Next?
There is a great blog post on ZDNet about routers quite possibly being the next target for hackers. A "Router Hacking Challenge" was recently made, with the idea being to share attacks against a variety of routers. Here is an excerpt from the Full Discloser mailing list sharing the findings:
Here is a quick summary, in no particular order, of the types of vulnerabilities we are exhibiting:
authentication bypass

a-to-c attacks

csrf (cross-site request forgeries)

xss (cross-site scripting)

call-jacking - like making your phone dial numbers or even survey room's sound where the phone resides

obfuscation/encryption deficiencies

UPnP, DHCP and mDNS problems - although not officially reported, most devices are affected

SNMP injection attacks due to poor SNMP creds

memory overwrites - well it is possible to overwrite the admin password while being in memory and therefore be able to login as admin

stealing config files

cross-file upload attacks - this is within the group of csrf attacks

remote war-driving - way cool

factory restore attacks

nformation disclosure

The idea of hackers focusing on routers isn't really all that surprising when you realize that most people simply leave theirs unsecured. Here in my neighborhood my wireless card picks up half a dozen networks, and only one is secure-mine. The others are wide open for anyone to jump on and enjoy. Check out this Blackhat presentation for more great info.



Permalink: Hackers Targeting Routers Next?

Tags: Anti  spam  Server  anti  spam  Anti  spam  for  exchange  Exchange  spam  Attachment  spam  Antiphishing  Spam  bl 

Vote for Hackers Targeting Routers Next?:

  • Currently 8.75/10
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
Rating: 8.75 out of 4 vote(s) cast.
 
Share It
RSSrss
Google google
Yahoo! yahoo
Addthis Subscribe using any feed reader!
Bloglines Bloglines
TwitterFollow us on Twitter!
Most Popular   Announcements   Anti-Spam Tools   Archival Tools   Best of   Did you know   Events   Fight!   Information about   Malware   Misc   Phishing   Security measures   Spam   Spam News   Spyware