Home Router Hacks, VOIP Phishing & Driveby Pharming

A new era is dawning in mainstream hacking techniques, which now target devices that are not very well defended in most homes:  The routers that you get at your local retailer to protect your high-speed DSL or cable-connected PC from malevolent hackers are now the very platform that malefactors are using to steal your information, redirect your phone calls and send you to illegitimate banking web sites that harvest your data.

Drive-by Pharming:  Check out the article "Drive-by Pharming in the Wild" on Symantec's web site.  The basic form of attack was one in which the hack "modified the router’s DNS settings so that the URL for a popular Mexico-based banking site (as well as other related domains) would be mapped to an attacker’s Web site."  Many of the common home routers from D-Link, Linksys, and Netgear can be vulnerable to this attack not because of a vulnerability, but because the DEFAULT PASSWORD WAS NOT CHANGED on the router.  This type of attack will be less common in the business world, assuming that the routers are well managed, but home users are slow to adopt security when they don't understand the risks or when it's inconvenient or difficult to change.  How many home users even know how to log in to their home router once it's initially set up and configured?  This type of attack was only a theory last year, but now it's REAL!
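One way to notice this kind of DNS tampering from a PC behind the router, added here as an illustration (it is not code from the Symantec article or from this post): resolve the sites you care about through the resolver the router hands out and compare the answers with a baseline you recorded earlier. The hostnames, networks and sample answers below are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import socket

# Constructed baseline: hostnames to watch and the networks their real
# servers are known to use (documentation ranges stand in for real ones).
EXPECTED = {
    "bank.example": ["192.0.2.0/24"],
    "login.bank.example": ["192.0.2.0/24", "198.51.100.0/25"],
}

# Constructed answers, as a router with altered DNS settings might return them.
SAMPLE_ANSWERS = {
    "bank.example": ["203.0.113.66"],
    "login.bank.example": ["198.51.100.10"],
}


def resolve(hostname):
    """Resolve via the system resolver, i.e. the DNS the router hands out."""
    try:
        infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def audit(expected, answers):
    """Return (hostname, address, reason) for each answer outside its baseline."""
    findings = []
    for host, cidrs in expected.items():
        nets = [ipaddress.ip_network(c) for c in cidrs]
        addrs = answers.get(host, [])
        if not addrs:
            findings.append((host, None, "no answer"))
        for addr in addrs:
            ip = ipaddress.ip_address(addr)
            if not any(ip in net for net in nets):
                findings.append((host, addr, "outside expected networks"))
    return findings


if __name__ == "__main__":
    # Offline demo on the constructed answers; for a live check use
    # answers = {host: resolve(host) for host in EXPECTED}
    for host, addr, reason in audit(EXPECTED, SAMPLE_ANSWERS):
        print(f"ALERT {host} -> {addr}: {reason}")
```

Sites hosted on CDNs change addresses often, so a finding is a prompt to log in to the router and inspect its DNS settings, not proof of tampering.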

VOIP Call Jacking:  The next big wave that's coming in telephony is a new type of VOIP attack called "Call Jacking", which can be used both as a classic phishing attack to harvest information and as a toll fraud mechanism.  Voice over IP telephony has grown tremendously in the past few years as a low-cost alternative to traditional telephone lines, and as with any technology that's widely adopted, new security challenges come with it.  VOIP may turn out to be more costly than we initially thought.

Home Router Hacks:  There is currently no good way to get home users to update their routers with security patches and firmware upgrades.  Most users don't know they are vulnerable or how to fix a vulnerable home router, but Secunia lists at least 19 Linksys devices with 1 or more vulnerabilities, 24 D-Link devices, and 11 Netgear devices.  The number of vulnerabilities and models listed does not really matter for how secure a home router may be in relation to the others - they are all state-of-the-art routers and firewalls that are being probed continually for weaknesses to exploit.  The manufacturers do issue advisories and patches for these devices, but home users rarely get the updates or even know they are at risk much of the time.

So what do we do about these new types of attacks?

Short term - we need to understand the changing landscape and educate users about these risks - chances are if you are reading this blog you are already concerned about security - go tell your friends, families and co-workers about security best practices and what to watch for.  Have them read a good article on DNS spoofing and change the default passwords on their home routers.  There are always going to be risks when online; we just need to minimize those risks when possible, and changing the default password is a good start.

Long term - there needs to be a shift in how home devices are designed so that non-technical users are sure to use best practices and are notified if their devices are not secured or configured properly.  Perhaps anti-phishing & malware technology should be built into the routers themselves.

Summary:  Attackers are creative and will continue to get more sophisticated & go after the targets where an attack is least likely to be detected and hardest to recover from.  Some of these new kinds of attacks will never go through an anti-virus filter on a PC.  Because of that, I believe that home routers are low-hanging fruit for the next few years and will be one area that is targeted more and more.
