The conference for Black Hat security is taking place in Las Vegas, which offers an display of information security researchers and hackers unearthing the mysterious ways to crack many locked and safe parts of the world wide web.
Usually the proceedings take place under two separate classifications:
- Black Hat Briefings
- Black Trainings
However, no matter what this belongs to, this title from the schedule makes you rub your eyes and to read it again. This is nothing but the briefing by Craig Heffner (who is working as researcher at Seismic) named “How to Hack Millions of Routers”. Yet another exciting thing about this is that Heffner also has planing to release an application/tool in the conference, which is claimed to be useful on more than half of the existing home router models are most likely be of Dell, Linksys and other such DSL versions. It is found that people connecting to the web through these devices are most likely to be trapped into an attacker’s webpage that has Heffner’s works which would result in getting their routers hijacked making it easy to steal their information. This technique from him is actually a variation on the Domain Name System (DNS) rebinding technique, which has been on research nearly for the past fifteen years. On his point of view,” There have been lots of patches released over the past few years, and still hasn’t really been able to get it fixed completely”, this method of his aims at exploiting a part of DNS, the method used to convert webpage names into numeric IP addresses.
One more important fact on this regard is that most of the modern browsers have security systems that can safeguard information getting stolen by websites with IP addresses not registered with it. However this trick of Heffner works in the following manner:
- Visitor (i.e the victim or prey) visits the booby-trapped (phishing) site!
- A script executes which switches itself to user’s (alternate) IP address and hence granting accesses to the user’s network, thus hijacking the browser and stealing the required information by gaining access to their router settings.
This is not a new concept but the browsers have patches for their initial version. “But the fact is very well know n that almost all of these patches are easily circumvented” were Heffner’s comments on these and he also added that “Up until now no one has put this thing together like this” He said he has his attack are tested on 30 different models of router and as a result he found that only half were strong enough to resist. Even though, he says these, he still remains mum on the core concept which he reserves to be revealed on the briefing day.
[via forbes]
Subscribe to our RSS Feed!
