Tuesday, 26 May 2015 06:41

Fun with DNS hacking and the importance of updating your router


On March 2, 2015, CVE-2015-1187 was released. The alert indicated that a simple cross-site request forgery allowed someone (the “bad” guys) to hijack the DNS settings on a wide range of routers. By doing this they were able to point people to their own DNS server and, in turn, direct them to malicious sites. These sites could be anything they wanted them to be, from phishing sites to sites with malware intended to compromise the target system. The exploit is a pretty smart one, especially when you take into account the fact that the bad guys do not need to remotely manage the target router to get this going.

The exploit was discovered by a security researcher who goes by the name Kafeine, and he claims that a number of popular home and SMB routers are affected, including Netgear, Asus, D-Link and Linksys. The exploit is already in the wild, with multiple malicious DNS servers spotted (and getting active hits). What is even more interesting is that there are patches for this vulnerability out there, but no one seems to be applying them.

The number of flaws in the current DNS system is pretty large, and they allow people to do some pretty interesting things to the traffic we send and receive on the internet. A computer does not really know where it is going on the internet until DNS tells it by giving it the target IP address. This is why DNS hijacking is very concerning. We have seen a trend over the last couple of years where the hardware that controls traffic is being attacked rather than the individual systems. This type of attack allows for greater effect, and because updates are typically not performed on a routine basis, an exploit is likely to stay in place for much longer than one on a PC, Mac, or phone.
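Because a hijacked router hands its new DNS server to every client on the network, a client can notice the change by auditing the resolvers it has been given. The check below is an added example, not code from the original article: the function names, the `EXPECTED` list and the sample `resolv.conf` contents are assumptions, and the addresses are constructed from documentation ranges.

```python
import ipaddress

# Resolvers this network is supposed to use (assumed: router LAN IP + ISP range).
EXPECTED = ["192.168.1.1", "198.51.100.0/24"]

# Constructed resolv.conf contents, before and after a router's DNS setting changes.
SAMPLE_BEFORE = "# constructed sample\nnameserver 192.168.1.1\n"
SAMPLE_AFTER = "nameserver 203.0.113.53\nnameserver 192.168.1.1  # old entry\n"


def parse_nameservers(resolv_conf_text):
    """Return the resolver addresses listed in resolv.conf-style text."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        # Strip comments ('#' or ';') before splitting into fields.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            addr = fields[1].split("%", 1)[0]  # drop IPv6 zone id (fe80::1%eth0)
            try:
                servers.append(ipaddress.ip_address(addr))
            except ValueError:
                continue  # malformed entry: not a usable resolver
    return servers


def audit_resolvers(resolv_conf_text, expected=EXPECTED):
    """Label each configured resolver 'expected', 'local-stub' or 'unexpected'."""
    networks = [ipaddress.ip_network(e, strict=False) for e in expected]
    report = []
    for ip in parse_nameservers(resolv_conf_text):
        if ip.is_loopback:
            # A local stub (e.g. 127.0.0.53) hides the real upstream; check it separately.
            verdict = "local-stub"
        elif any(ip.version == n.version and ip in n for n in networks):
            verdict = "expected"
        else:
            verdict = "unexpected"
        report.append((str(ip), verdict))
    return report


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, audit_resolvers(text))
```

An `unexpected` entry is a prompt to log in to the router and compare its DNS setting with what you configured, not proof of compromise on its own.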

We highly recommend updating the firmware on your home router as new versions become available, in the same way you would update your computer. This will be even more important as we see this type of exploit continue to grow.

Last modified on Tuesday, 26 May 2015 06:42
