Researcher creates malicious, router-controlling website

Joshua Topolsky
J. Topolsky|04.08.08

Sponsored Links

Researcher creates malicious, router-controlling website

Like having control of your connection to the internet? Don't tell Dan Kaminsky that -- the researcher has developed a method of DNS attack utilizing typical D-Link or Linksys routers that can allow hackers to gain command of your gear. The winner-takes-all maneuver, which is called a "DNS rebinding attack," functions by putting JavaScript into play that fools your browser into altering your router's configuration, thus letting the operator remotely administer the device. The concept isn't water-tight, as it takes advantage of easily-guessable router admin passwords, though Kaminsky says the enabling bug exists as a "core issue" for browsers. The attack will be showcased at tomorrow's RSA security conference, where it's hoped the demonstration will raise awareness about router security vulnerability. In the meantime, we suggest you change that default password.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.