Tuesday, December 09, 2008

Home Routers At Risk Of CSRF Attack

Security researchers warn that several home DSL routers used by AT&T's DSL service are vulnerable to cross-site request forgery (CSRF) attacks.

Nathan Hamiel, a consultant and founder of security think-tank Hexagon Security Group, discovered a CSRF vulnerability in the Motorola/Netopia 2210 DSL modem that, among other things, could let an attacker insert malware onto the victim's computer or recruit it as a bot for a botnet. "CSRF is one of the only vulnerabilities that can be either completely innocuous or completely devastating," Hamiel says.

The vulnerability isn't isolated to Motorola/Netopia DSL modems. It affects most DSL modems because they don't require authentication to access their configuration menu, he says. "I can take over Motorola/Netopia DSL modems with one request, and I can do it from MySpace and other social networks," Hamiel says. The attack uses HTTP POST and GET commands on the modems, he says.

CSRF vulnerabilities are nothing new; they are pervasive on many Websites and in many devices. "CSRF, in general, is a very old issue," says Hamiel, who blogged about the hack this week. "Most of the vulns found today are old. That's the point: Nobody seems to learn lessons anymore."

CSRF flaws in home routers have been exposed before, such as the Router Hacking Challenge by hacker PDP, notes Robert ("Rsnake") Hansen, principal with SecTheory. "Using CSRF to exploit routers, while not new, is an ever-present attack that few vendors appear to be protecting against sufficiently," he says.

A CSRF attack on a DSL router could be launched from a social networking site, Hamiel says, using an image tag on a MySpace page, for example. "Everyone who viewed my MySpace page with AT&T DSL and the Motorola/Netopia DSL modem would be owned," he says.

What can users do? The cure is as simple as logging in to your DSL modem/router and setting a password. For users of the Motorola/Netopia 2210 DSL modem (and most other Netopia devices), enter http://192.168.1.254 in the URL address box. You'll be prompted to create a password for your modem. Enter a new password, repeat it, and click the Next button. For further assistance it's best to read your user manual or contact Netopia support.
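To make the attack pattern and the fix concrete, here is an added illustration in Python (not code from the article, from Dark Reading, or from any Netopia/Motorola firmware). It runs a toy configuration endpoint in the shape the article describes, with no login and a state change on a plain GET, beside a hardened version that requires a password login, a session cookie, a per-session anti-CSRF token, POST-only changes and an Origin check. The /setdns and /login paths, the password, the session scheme and all IP addresses are constructed for the demo; a real device's interface looks different.

```python
import http.client
import secrets
import threading
import urllib.parse
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

ADMIN_PASSWORD = "demo-only-password"  # constructed; real firmware would store a hash
CONFIG = {"dns": "192.0.2.53"}         # the setting a forged request tries to change
SESSIONS = {}                          # session id -> per-session anti-CSRF token

class QuietHandler(BaseHTTPRequestHandler):
    def log_message(self, *args):      # keep the demo output clean
        pass

    def reply(self, status, text, extra=()):
        body = text.encode()
        self.send_response(status)
        for name, value in (("Content-Type", "text/plain"), ("Content-Length", str(len(body))), *extra):
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(body)

class VulnerableHandler(QuietHandler):
    """No login and a GET changes state, so a page the victim merely views can trigger it."""
    def do_GET(self):
        url = urllib.parse.urlparse(self.path)
        if url.path != "/setdns":      # constructed path
            return self.reply(404, "not found")
        CONFIG["dns"] = urllib.parse.parse_qs(url.query).get("dns", [""])[0]
        self.reply(200, "changed")

class HardenedHandler(QuietHandler):
    """Login, session cookie, session-bound anti-CSRF token, POST-only changes, Origin check."""
    def do_GET(self):
        self.reply(405, "state changes require POST")

    def do_POST(self):
        raw = self.rfile.read(int(self.headers.get("Content-Length", 0))).decode()
        fields = {k: v[0] for k, v in urllib.parse.parse_qs(raw).items()}
        if self.path == "/login":
            if not secrets.compare_digest(fields.get("password", ""), ADMIN_PASSWORD):
                return self.reply(401, "bad password")
            sid, token = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
            SESSIONS[sid] = token
            # SameSite=Strict helps in modern browsers; the token check below is the real control.
            return self.reply(200, token, [("Set-Cookie", f"sid={sid}; HttpOnly; SameSite=Strict")])
        if self.path != "/setdns":
            return self.reply(404, "not found")
        cookie = SimpleCookie(self.headers.get("Cookie", ""))
        sid = cookie["sid"].value if "sid" in cookie else None
        if sid not in SESSIONS:
            return self.reply(401, "login required")
        origin = self.headers.get("Origin")
        if origin and urllib.parse.urlparse(origin).netloc != self.headers.get("Host"):
            return self.reply(403, "cross-origin request refused")
        if not secrets.compare_digest(fields.get("csrf", ""), SESSIONS[sid]):
            return self.reply(403, "missing or wrong anti-CSRF token")
        CONFIG["dns"] = fields.get("dns", "")
        self.reply(200, "changed")

def serve(handler):
    """Start a handler on a free loopback port in a daemon thread; return the port."""
    srv = ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_address[1]

def send(port, method, path, headers=None, fields=None):
    """Minimal client standing in for the victim's browser; returns (status, body)."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request(method, path, body=urllib.parse.urlencode(fields or {}) if method == "POST" else None,
                 headers={"Content-Type": "application/x-www-form-urlencoded", **(headers or {})})
    resp = conn.getresponse()
    status, text = resp.status, resp.read().decode()
    conn.close()
    return status, text

def demo():
    """Replay the same forged change against both servers and report what happened."""
    bad = {"dns": "203.0.113.9"}                       # attacker-chosen value (constructed)
    CONFIG["dns"] = "192.0.2.53"
    send(serve(VulnerableHandler), "GET", "/setdns?dns=203.0.113.9")  # what a hostile <img> fetches
    vulnerable_after = CONFIG["dns"]

    CONFIG["dns"] = "192.0.2.53"
    hport = serve(HardenedHandler)
    get_status, _ = send(hport, "GET", "/setdns?dns=203.0.113.9")
    anon_status, _ = send(hport, "POST", "/setdns", fields=bad)
    _, token = send(hport, "POST", "/login", fields={"password": ADMIN_PASSWORD})
    cookie = {"Cookie": "sid=" + next(s for s, t in SESSIONS.items() if t == token)}  # victim is logged in
    xsite_status, _ = send(hport, "POST", "/setdns", headers={**cookie, "Origin": "http://evil.example"}, fields=bad)
    no_token_status, _ = send(hport, "POST", "/setdns", headers=cookie, fields=bad)
    hardened_after_attacks = CONFIG["dns"]
    same_origin = {**cookie, "Origin": f"http://127.0.0.1:{hport}"}
    ok_status, _ = send(hport, "POST", "/setdns", headers=same_origin, fields={"dns": "198.51.100.1", "csrf": token})
    return {"vulnerable_after": vulnerable_after, "hardened_get": get_status, "hardened_anonymous": anon_status,
            "hardened_cross_origin": xsite_status, "hardened_no_token": no_token_status,
            "hardened_after_attacks": hardened_after_attacks, "hardened_legit": ok_status,
            "hardened_after_legit": CONFIG["dns"]}
```

Calling demo() shows the vulnerable server accepting the forged GET outright, while the hardened one refuses the same change unauthenticated (401), cross-origin (403) and without the token (403), and only applies it when the logged-in user's own form supplies the session-bound token. The token is the control that does not depend on browser behaviour; SameSite cookies and the Origin check are cheap extra layers. None of it matters on a device that has no password at all, which is why setting one, as the article advises, is the first step.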

Source: Dark Reading

Geek-News.Net