Software // Enterprise Applications
News
2/21/2007
04:38 PM
Connect Directly
RSS
E-Mail
50%
50%

Cisco Warns That 77 Routers Are Vulnerable To New Drive-By Pharming Attack

Users -- both home and commercial -- need to change the default user name and password on their routers.

Cisco Systems Inc. has advised its customers that 77 of its routers are vulnerable to a new form of attack called drive-by pharming.

Researchers at security company Symantec first warned users about the new type of attack last week, calling for all users -- both home and commercial -- to change the default user name and password on their routers if they hadn't already done so. Running the routers with the out-of-the-box password leaves users open to attack.

Symantec's Zulfikar Ramzan posted an online warning that hackers are lacing phony Web sites with malicious code that actually will log into and mess with broadband routers. He's coined a term for it: Drive-By Pharming.

"I believe this attack has serious widespread implications and affects many millions of users worldwide," wrote Ramzan, senior principal researcher in the Advanced Threat Research Group at Symantec, on the company's Security Response Weblog. "Fortunately, this attack is easy to defend against, as well."

The defense simply is to change the default password.

Cisco posted a Security Response on its Web site, outlining which routers are vulnerable to the attack and offering advice on changing the password.

Mike Caudill, incident manager at Cisco, says he doesn't have an estimate on how many users change the default user name and password, but adds that it's probably a significant number. He notes that drive-by pharming mostly affects smaller routers used in homes and small- and medium-sized businesses, because the larger enterprise-level routers come with a configuration tool that automatically calls for the default user name and password to be changed during set up.

Ramzan, and his fellow researchers, Sid Stamm and Markus Jakobsson of the Indiana University School of Informatics, say attackers build fraudulent Web pages that, simply when viewed, result in substantive configuration changes to unprotected broadband routers or wireless access points. Malicious JavaScript code on the page is downloaded to the computer.

"When the Web page is viewed, this code, running in the context of your Web browser, uses a technique known as 'Cross Site Request Forgery' and logs into your local home broadband router," says Ramzan. "Now, most such routers require a password for logging in. However, most people never change this password from the original factory default. Upon successful login, the JavaScript code changes the router's settings. One simple, but devastating, change is to the user's DNS server settings."

Once the attackers get into the router, they have control over it, allowing them to direct users and their browser to whatever Web sites they choose. A user may want to visit www.informationweek.com, but instead will be directed to whatever site the attackers want to send him to.

Caudill explains that most router manufacturers use basic, and relatively unsecure, default user names and passwords to make the set-up process easier for the user. "It might be a simplified login mechanism with a known user name and password," he says. "If they put a different one on every single box, how would they possibly do technical support? If you have 100,000 boxes and have 100,000 user names and passwords, how would I ever be able to help people get set up?"

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.