An engineer from security firm Seismic claims he will soon release instructions on how to hack millions of wireless routers commonly used in residential Internet connections. The how-to hack instructions will be given at this week's Black Hat security conference in Las Vegas.
The presentation, "How to Hack Millions of Routers" will be given by Senior Security Engineer for Seismic Craig Heffner. Heffner's presentation will include a live demonstration on how to "pop a remote root shell on Verizon FIOS routers" as well as a tool release that will automate the described attack. Seismic says it has tested around 30 routers so far, and has found that approximately half of them are vulnerable to the attack.
The attack uses a technique called "DNS rebinding" that supposedly allows attackers to harness attackees' browsers and make requests of them. The hack is executed when the user accesses a web page controlled by the hacker. The web page uses code (Java) to trick the browser into thinking that the page has the same origin as the user's computer. The hacker can then control the router and access the machines on the user's network.
According to the Black Hat website, this particular DNS rebinding attack can bypass existing DNS rebinding protections because it does not require the attacker to know the router's configuration settings (make, model, internal IP address, host name). At the moment, according to Heffner, the best way to combat this potential attack is to change a router's default password.