If you missed step one of securing your network, you just may fall victim to a hack that’s getting released into the wild next week. Seismic’s Craig Heffner says he’s got a way to hack into millions of routers and he’s going to share it with the masses during the Black Hat 2010 conference July 28-29, 2010.
What’s that first step? Changing the default administrator password, of course. The admin password gives you control over configuring your router, and the hack is designed to exploit the Domain Name System (DNS), which is used to convert web site addresses into IP addresses. While modern browsers have safeguards that prevent content not registered to the specific IP address of the web page from being displayed, these can’t be relied on as the sole method of security.
What can happen? It’s been reported that the hack can trick users into visiting a web page that an attacker has created with Heffner’s exploit. The router could be hijacked, and thus used to steal information from the network or computer, or redirect the browser to a different page.
Several routers are affected – more than 30 – from companies like Belkin, Linksys and Dell. See the full list of potentially affected routers.
If your router isn’t on the list, that doesn’t necessarily mean you’re protected – only that the router model may not have been tested.
Additional Resource: Engadget