Rate your broadband service!

Man using laptop image

Happy with broadband? Or is it letting you down?

Rate your broadband ISP here >>

Users urged to change default password on broadband routers to deter hackers

Manoj Solanki, Tuesday February 20, 2007 - 2:20 PM

Experts have warned of a new security threat that could leave millions of broadband users vulnerable to hacking.

A new technique, named “Drive-By Pharming” by Symantec’s security experts and the Indiana University School of Informatics, could lead to attackers taking control of a users router and unwittingly lead them to give out sensitive information, such as bank details to a fake website without even knowing it.  The threat is thought to affect millions of users worldwide.

The problem could occur if a user clicks on a link to malicious website set up by an attacker.  When a user views one of these websites, the webpage executes some malicious javascript or java code which identifies a user’s router model and specification, and will then attempt to access it using the default password.

The attacker then changes configuration settings on the router, including pointing your router to a fake DNS (Domain Name Server) created by the attacker.  A DNS is a special server containing a database of website addresses, such as “google.co.uk”, and a translation to a unique IP address for them in numeric form to send the browser to the right location.

Most routers will be configured to use a pre-set DNS server address, often given by an ISP.  However, if the attacker takes control of the router, it could change the DNS server settings without the user knowing.  The user may then end up going to a fake website, despite typing the correct address in.

One scenario with an affected router is a user typing the website address of their bank, but the DNS server points them to a different website, which looks exactly like the bank’s real website.

Fortunately, there is an easy solution.  A user should change the default password on their router. Details of changing the password should be available in the router manual. 

Here are some further tips for protecting from these attacks:

  • Do not click on a link if you are not sure of its trustworthiness.  This includes ignoring any links in spam emails
  • Use an anti-phishing tool, such as Google toolbar or a browser with anti-phishing protection, to minimise the chance of visiting a malicious website
  • Install and keep up to date with anti-virus and firewall software
  • Switch off java-script for untrusted websites.  Unfortunately, many popular websites rely on javascript being on for them to function correctly so it’s not always ideal to switch it off completely

 


Leave a comment

XHTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

NOTE: All commments are reviewed. Please ensure comments are NOT Off Topic, Spam, Personal Attacks, Illegal or use profane or provocative language. Feedback or corrections about the article should be made by contacting us using the relevant link below.

Subscribe to SeekBroadband

Get the latest news, special offers, reviews and more.

 NB. We will never pass your email onto third parties.

 Subscribe in a reader



Article keywords: