04:38 PM

Cisco Warns That 77 Routers Are Vulnerable To New Drive-By Pharming Attack

Users -- both home and commercial -- need to change the default user name and password on their routers.

Cisco Systems Inc. has advised its customers that 77 of its routers are vulnerable to a new form of attack called drive-by pharming.

Researchers at security company Symantec first warned users about the new type of attack last week, calling for all users -- both home and commercial -- to change the default user name and password on their routers if they hadn't already done so. Running the routers with the out-of-the-box password leaves users open to attack.

Symantec's Zulfikar Ramzan posted an online warning that hackers are lacing phony Web sites with malicious code that actually will log into and mess with broadband routers. He's coined a term for it: Drive-By Pharming.

"I believe this attack has serious widespread implications and affects many millions of users worldwide," wrote Ramzan, senior principal researcher in the Advanced Threat Research Group at Symantec, on the company's Security Response Weblog. "Fortunately, this attack is easy to defend against, as well."

The defense simply is to change the default password.

Cisco posted a Security Response on its Web site, outlining which routers are vulnerable to the attack and offering advice on changing the password.

Mike Caudill, incident manager at Cisco, says he doesn't have an estimate of how many users change the default user name and password, but adds that it's probably a significant number. He notes that drive-by pharming mostly affects smaller routers used in homes and small- and medium-sized businesses, because the larger enterprise-level routers come with a configuration tool that automatically requires the default user name and password to be changed during setup.

Ramzan and his fellow researchers, Sid Stamm and Markus Jakobsson of the Indiana University School of Informatics, say attackers build fraudulent Web pages that, simply when viewed, result in substantive configuration changes to unprotected broadband routers or wireless access points. Malicious JavaScript code on the page is downloaded to the computer and runs in the visitor's browser.

"When the Web page is viewed, this code, running in the context of your Web browser, uses a technique known as 'Cross Site Request Forgery' and logs into your local home broadband router," says Ramzan. "Now, most such routers require a password for logging in. However, most people never change this password from the original factory default. Upon successful login, the JavaScript code changes the router's settings. One simple, but devastating, change is to the user's DNS server settings."

Once the attackers get into the router, they have control over it, allowing them to direct users and their browsers to whatever Web sites they choose. A user may intend to visit one site but instead will be directed to whatever site the attackers want to send him to.
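As an added illustration (not code from the article, Symantec or Cisco), the following Python simulation models a router's "set DNS server" endpoint first as the article describes it, where any request carrying the factory credentials is honoured no matter which page sent it, and then hardened with the two checks a router firmware can make on its own side: refuse to apply settings while the factory default password is still in use, and require a per-session anti-CSRF token that a page on another site cannot read. The credential names, addresses, session ids and request shape are constructed assumptions, not any vendor's real interface. The Origin header check is included because current browsers send that header on cross-site POSTs; browsers of the article's era did not, which is why the token is the portable defence and the Origin check is only a second layer.

```python
"""Simulated router admin endpoint: the CSRF weakness that drive-by pharming
relies on, beside a hardened version. Constructed example; every name and
address below is a placeholder, not a real device's interface."""
import hmac
import secrets
from dataclasses import dataclass, field

DEFAULT_CREDS = ("admin", "admin")   # constructed stand-in for a factory default
DEFAULT_DNS = "192.0.2.53"           # documentation-range address standing in for the ISP resolver
ROUTER_ORIGIN = "http://192.168.1.1"  # assumed origin of the router's own admin pages


@dataclass
class Router:
    username: str = DEFAULT_CREDS[0]
    password: str = DEFAULT_CREDS[1]
    dns_server: str = DEFAULT_DNS
    csrf_tokens: dict = field(default_factory=dict)  # session id -> token

    def uses_default_credentials(self) -> bool:
        return (self.username, self.password) == DEFAULT_CREDS


@dataclass
class Request:
    """What the browser delivers to the router. Credentials ride along
    automatically, which is why a page on another site can borrow them."""
    auth: tuple      # (user, password) the browser supplies
    origin: str      # Origin header, set by the browser, not by page script
    form: dict       # POST body, fully under the sending page's control
    session: str = "sess-1"


def vulnerable_set_dns(router: Router, req: Request) -> str:
    """Pre-fix behaviour: valid credentials are the only check, so a request
    triggered by a third-party page is indistinguishable from the user's own."""
    if req.auth != (router.username, router.password):
        return "401 unauthorized"
    router.dns_server = req.form["dns"]
    return "200 dns updated"


def issue_csrf_token(router: Router, session: str) -> str:
    """Hardened flow, step 1: the router's own admin page obtains a random
    per-session token. The same-origin policy keeps other sites from reading it."""
    token = secrets.token_hex(16)
    router.csrf_tokens[session] = token
    return token


def hardened_set_dns(router: Router, req: Request) -> str:
    """Hardened flow, step 2: authenticate, then insist on a non-default
    password, a same-origin request and a matching token before changing DNS."""
    if req.auth != (router.username, router.password):
        return "401 unauthorized"
    # The article's one-line defence, enforced by the device itself.
    if router.uses_default_credentials():
        return "403 change default password first"
    # Secondary layer: the browser-set Origin must be the router's own UI.
    if req.origin != ROUTER_ORIGIN:
        return "403 cross-origin request rejected"
    expected = router.csrf_tokens.get(req.session)
    supplied = req.form.get("csrf_token", "")
    if expected is None or not hmac.compare_digest(expected, supplied):
        return "403 missing or bad csrf token"
    router.dns_server = req.form["dns"]
    return "200 dns updated"


def demo() -> dict:
    """Run both endpoints against a cross-site request and a legitimate one."""
    cross_site = Request(auth=DEFAULT_CREDS, origin="http://third-party.example",
                         form={"dns": "203.0.113.9"})  # constructed rogue resolver
    weak = Router()
    vuln_result = vulnerable_set_dns(weak, cross_site)
    strong = Router()
    blocked_default = hardened_set_dns(strong, cross_site)
    strong.password = "a-changed-password"
    token = issue_csrf_token(strong, "sess-1")
    legit = Request(auth=("admin", "a-changed-password"), origin=ROUTER_ORIGIN,
                    form={"dns": "203.0.113.9", "csrf_token": token})
    allowed = hardened_set_dns(strong, legit)
    return {"vulnerable": vuln_result, "weak_dns": weak.dns_server,
            "blocked": blocked_default, "allowed": allowed}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The vulnerable endpoint silently accepts the DNS change because the factory credentials it checks are exactly the ones the victim's browser supplies; the hardened one stops the same request twice over, and only a request the router's own page assembled, carrying the token it was issued, gets through.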

Caudill explains that most router manufacturers use basic, and relatively insecure, default user names and passwords to make the set-up process easier for the user. "It might be a simplified login mechanism with a known user name and password," he says. "If they put a different one on every single box, how would they possibly do technical support? If you have 100,000 boxes and have 100,000 user names and passwords, how would I ever be able to help people get set up?"
