Ever wanted to hack millions of routers? Or try to stop someone doing it?
Perhaps a talk at the next Black Hat conference in Las Vegas will help with one or both of those goals. And its title, “How to Hack Millions of Routers,” cuts right to the chase as well.
The talk will be given by Craig Heffner, senior security engineer at Seismic LLC, a Maryland-based provider of cybersecurity products to the Department of Defense and intelligence agencies. In it, Heffner will apparently disclose how to exploit a lot of consumer routers through DNS rebinding, an existing technique in which attackers turn victims' browsers into Web proxies that do the attackers' bidding.
DNS rebinding tricks browsers into seeking out servers on the victim's internal network under the direction of the attacker, who can order them to find corporate data and send it to an external machine, all while evading detection by the user and without tampering with DNS servers. Heffner's talk will describe how the technique can be used to access a router's internal-facing administrative interface without prior knowledge of the target router or its settings, and how to bypass all the rebinding safeguards in place.
Heffner will even show a tool that automates the attack and lets the attacker browse the target router's interface in real time, allowing the exploitation of vulnerabilities or login through the default credentials.
Cisco's Linksys routers are vulnerable to the attack, as are routers sold under the brand names ActionTec, Asus, Belkin, Dell and Thompson. ActionTec routers are the CPE in Verizon's FiOS service, and Heffner's talk will include a live demonstration of how to infiltrate a FiOS router with the rebinding hack.
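For those on the "stop someone doing it" side, here is one server-side check against the rebinding described above, as an added example that is not from the article or from Heffner's talk. In a rebinding attack the browser still sends the attacker's hostname in the Host header, so an administrative interface that only answers to its own names refuses the request; the ALLOWED_HOSTS values and the function names are assumptions made for illustration.

```python
# Added example: Host-header allowlist for a router admin interface.
# ALLOWED_HOSTS is a constructed set of names the interface is reachable by.
ALLOWED_HOSTS = {"192.168.1.1", "router.lan", "[fe80::1]"}


def split_host_port(header):
    """Return (host, port) from a Host header value, or None if malformed."""
    value = header.strip().lower()
    # Reject empty values and characters that never belong in a Host header.
    if not value or any(c in value for c in " \t/@,"):
        return None
    if value.startswith("["):
        # IPv6 literal, optionally followed by :port, e.g. [fe80::1]:443
        end = value.find("]")
        if end == -1:
            return None
        host, rest = value[: end + 1], value[end + 1:]
        if rest and not rest.startswith(":"):
            return None
        port = rest[1:]
    else:
        host, _, port = value.partition(":")
    if port and not port.isdigit():
        return None
    # A trailing dot is the same DNS name written as fully qualified.
    return host.rstrip("."), port


def host_is_allowed(header, allowed=ALLOWED_HOSTS):
    """True only when the request names the admin interface itself.

    Exact match on the parsed host: suffix or substring matching would let
    a name such as 192.168.1.1.attacker.example through.
    """
    if header is None:  # HTTP/1.0 request without a Host header
        return False
    parsed = split_host_port(header)
    return parsed is not None and parsed[0] in allowed
```

A server using this check would answer any request that fails it with an error status before the request reaches the login page or any other handler.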