Subtitle: “How to Hack Millions of Routers”
This really isn’t anything new, it’s just back in the news again. According to this article on Forbes.com:
Craig Heffner, a researcher with Maryland-based security consultancy Seismic, plans to release a software tool at the conference later this month that he says could be used on about half the existing models of home routers, including most Linksys, Dell, and Verizon Fios or DSL versions. Users who connect to the Internet through those devices and are tricked into visiting a page that an attacker has set up with Heffner’s exploit could have their router hijacked and used to steal information or redirect the user’s browsing.
It’s the old DNS Rebinding Attack I wrote about two years ago:
So, what’s new about this? Is this some sort of new approach to vulnerability? Must have been a slow security news week. Not this week, however. A newly-discovered 0-day vulnerability in Windows is the top of the news right now. My take on that one tomorrow.