More than 300,000 wireless routers found to be under hacking attacks that change passwords and settings



Security firm Team Cymru has revealed that more than 300,000 wireless routers from D-Link, Micronet, Tenda, and TP-Link, sold for individuals and small offices, are under attack from hackers.

TeamCymruSOHOPharming.pdf (PDF)
https://www.team-cymru.com/ReadingRoom/Whitepapers/2013/TeamCymruSOHOPharming.pdf

According to Team Cymru, the hackers take over the wireless router and tamper with its Domain Name System (DNS) server settings, which determine how domain names are converted into IP addresses. The attack method used by the hackers is cross-site request forgery (CSRF), which changes the settings of the wireless router, including the password. On an attacked wireless router, the DNS settings are changed to use the IP addresses "5.45.75.11" and "5.45.75.36". In addition, an attack that changed the WPA/WPA2 password and settings is said to have been confirmed.


Many of the hacked wireless routers were confirmed in Asian and European countries such as Vietnam, India, Italy, and Thailand. If users continue to use an attacked router, their internet banking passwords may be stolen, or they may be redirected to a website that installs malicious software.

This large-scale attack closely resembles an incident that occurred in Poland in 2013, in which hackers compromised wireless routers and intercepted connections to users' internet banking sites. Although there are similarities, Team Cymru says that this attack was not carried out by the same hacker group.


Because the DNS server IP address on attacked wireless routers was changed to "5.45.75.11" or "5.45.75.36", researchers at Team Cymru attempted to contact the company providing those IP addresses. However, it is said that no details were yet available at the time of writing.

Among the methods used to attack routers, CSRF is the most widely used. Users should check that the firmware of their wireless router has been updated to the latest version, that the vulnerability has been fixed, and that the DNS settings have not been changed. Turning off the router's remote management function, or restricting the IP addresses that can connect to the router, will also improve security.
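One way to run the DNS-settings check from a client behind the router is sketched below. It is an added example, not taken from the Team Cymru report, and it assumes the client receives its resolvers from the router and stores them in resolv.conf format; the sample text, the expected-resolver list, and the function names are constructed for illustration.

```python
import ipaddress
import re

# Rogue resolver addresses named in the article.
ROGUE_DNS = {ipaddress.ip_address("5.45.75.11"), ipaddress.ip_address("5.45.75.36")}
NAMESERVER_RE = re.compile(r"^\s*nameserver\s+(\S+)", re.IGNORECASE)

def parse_nameservers(resolv_text):
    """Return the IP addresses on 'nameserver' lines, skipping comments and junk."""
    servers = []
    for line in resolv_text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0]  # drop comments
        match = NAMESERVER_RE.match(line)
        if not match:
            continue
        try:
            # Strip an IPv6 zone id such as fe80::1%eth0 before parsing.
            servers.append(ipaddress.ip_address(match.group(1).split("%", 1)[0]))
        except ValueError:
            continue  # not an IP address; ignore the malformed entry
    return servers

def audit_resolvers(resolv_text, expected):
    """Classify each configured resolver as 'rogue', 'expected' or 'unexpected'."""
    allowed = {ipaddress.ip_address(addr) for addr in expected}
    report = {}
    for ip in parse_nameservers(resolv_text):
        if ip in ROGUE_DNS:
            report[str(ip)] = "rogue"
        elif ip in allowed:
            report[str(ip)] = "expected"
        else:
            report[str(ip)] = "unexpected"  # worth reviewing by hand
    return report

# Constructed sample input, not captured from a real host.
SAMPLE = """\
# constructed resolv.conf
nameserver 5.45.75.11
nameserver 192.168.1.1
nameserver 8.8.8.8   # inline comment
nameserver not-an-ip
"""

if __name__ == "__main__":
    # 192.168.1.1 stands in for the router's own LAN address (assumption).
    for ip, verdict in audit_resolvers(SAMPLE, ["192.168.1.1"]).items():
        print(ip, verdict)
```

A "rogue" verdict means the resolver matches one of the two addresses reported in the attack; "unexpected" only means the address is not on the list you supplied and should be compared with the router's configured DNS settings.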

Posted by darkhorse_log