Around 300,000 Wi-Fi Routers Attacked in Security Exploit
Published on: 3rd Mar 2014
By: Ian Mansfield
Researchers have discovered a world wide network of hacked Wi Fi routers that have apparently been compromised though a flaw in their core software.
Around 300,000 Wi-Fi routers used in domestic and small business settings are thought to have been affected by the flaw, which was uncovered by security researchers at Team Cymru.
The researchers said that they first noticed the problem -- which has affected routers from several manufacturers -- earlier this year.
These first routers to be affected had been in Eastern Europe, but most of the affected routers appear to be located in Vietnam with the rest scattered around Europe as well as a couple of other countries.
The main attack appears to shut-down the router's DNS lookup that it uses to work out which IP address underlys a website domain name. By changing the details, it could send a user to a cloned copy of -- for example, their bank website -- where users would enter their details unaware that they were not at the correct webserver.
So far there is no evidence that any spoofing has taken place, but the researchers are still investigating.
The DNS requests would however appear to have needed to be routed through just two locations, both in London, UK, and as such it will be moderately easy to shut-down that facility. At least until the hackers find another location to host their DNS spoofing service and try attacking Wi-Fi routers again.
Team Cymru said that they have contacted law enforcement authorities and ISPs to block any data requests being sent to the compromised IP addresses.
The exploit that permitted the hack is said to be around two years old, and should have been patched by most vendors. However, unlike most computers or smartphones, people rarely think to update the software in their Wi-Fi router, making it an ideal target for these sorts of attacks.
On the web: Team Cymru