New attack technique threatens broadband users


New attack technique threatens broadband users

Bill Brenner, Senior News Writer

Millions of broadband users are at risk for a new kind of attack called drive-by pharming, which targets password weaknesses in the victim's router, researchers from Symantec Corp. and Indiana University warned Thursday.

The threat is greatest for those who don't change their default passwords after using them to bring the router online. According to an informal study by Indiana University, up to 50% of home broadband users fail to reset the password after installing their router.

"What worries me if that it's so simple for people to fall for this kind of attack," said Zully Ramzan, senior principal researcher for Symantec Security Response. "Most people connect to the Internet through broadband today, but they don't adequately protect their routers."

Attackers use this technique by luring the victim to a malicious Web site. Once the user is on that site, the attacker is able to use JavaScript to change the DNS settings on the router. "This gives the attacker complete discretion over which Web sites the victim visits on the Internet," Ramzan said. "For example, the user may think they are visiting their online banking Web site but in reality they have been redirected to the attacker's site."

Such fraudulent sites are an almost exact replica of the actual site so the user won't likely notice the difference. Once the user is directed to the pharmer's "bank" site and enters their user name and password, the attacker can steal the information and access the

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor

victim's account to transfer funds, create new accounts and write checks.

While the threat affects mostly home users, Ramzan said enterprise environments are also at risk.

"A lot of people take their laptops home and work off their home router," he said. "One of the ways people break into networks is by stealing credentials from a compromised laptop."

His advice to users is to reset their router passwords at least once -- the day it is hooked up to the home or office computer system. If the password is changed every few months, that's even better.

Professor Markus Jakobsson of the Indiana University School of Infomatics the new attack technique shows how important the human factor is in security

"While drive-by pharming arises due to inadequate protective measures, there is also another human component: If an attacker can trick you into visiting his page, he can probe your machine," he said in a statement. "Deceit is not new to humankind, but it is fairly recently that security researchers started taking it seriously."