The folks at Symantec are warning that a new drive-by attack called “Drive-By Pharming” can attack unprotected routers where the user has not set a new password and is still using the default, which is normally left blank. This new type of attack can re-route traffic so that the user is taken to a different location where the hacker has set up his wares for continued attacks.
So how can this be happening? Simple. Wireless routers are extremely popular devices, and most routers now come with some type of wizard to simplify the setup process for the end user. However, it is up to the user to reconfigure the router and set up a new admin password, which is normally configured ‘blank’ by default to allow the user easy access for first-time setup.
It is also up to the user to configure the router using WEP or WPA protections, to prevent unauthorized users from connecting to the user’s router. Such unauthorized use is commonly referred to as a ‘drive-by connection’, where a user in a vehicle using a laptop can connect to a wide open router and use the connection freely.
The recommendation is simple. Set up a password for access to your router. Instructions for doing so are usually supplied in the user’s manual, or you can obtain them from the manufacturer’s Web site for your specific make and model of router.
I took a simple approach to setting up my router password. I used an old phone number I had about 20 years ago, including area code plus the name of the first pet I owned as a kid. It might not be 100% hacker proof, but at least I can remember it. In fact, going back into one’s router is not something we normally do day in and day out. I haven’t reconfigured my router since I changed ISPs some eight months ago. Yet I was able to remember the password last evening, when I checked to confirm my password was active on my router, after reading about this latest attack.