Computer routers face hijack risk: study
Researchers at Indiana University and Symantec Corp. are warning that about half of internet users with a home router are vulnerable to having the hardware hijacked.
Routers are devices used to link computers by relaying data between networks. For example, a router connects a home local area network to the internet.
Malware is a catch-all term for malicious software such as computer viruses, spyware and so on that compromise the security or function of people's computers.
Phishing is a technique, often conducted through e-mail, in which criminals try to trick people into disclosing sensitive information such as online banking names and passwords.
Pharming is an attack in which malicious individuals try to redirect traffic from one website to a false one.
The DNS, or domain name system, is a type of directory that links numerical Internet Protocol addresses to domain names, such as CBC.ca. It is akin to a phone directory: it lets computers look up the number attached to a name so they know where to send data traffic.
The researchers found that home router users are susceptible to attackers who could change settings on the devices to divert traffic without the owner's knowledge. For example, a person could enter the correct address of their bank's website into their web browser but still be taken to a fake site designed to steal their banking information.
The attack appears to work on all major consumer versions of routers, such as those made by Linksys, Belkin, Netgear and D-Link, but a person would have to visit a specially crafted web page for it to work.
"A malicious web page has the disastrous ability to manipulate its visitors' home routers, changing its settings to enable spread of malware, target phishing attacks, or starve the visitor from critical security updates," the researchers wrote in their paper, Drive-By Pharming.
What sets the attack apart from others of its kind is that it does not rely on vulnerabilities in a web browser or other software, but instead lets malicious individuals attack at the network level.
The specially coded malicious web page could change the router's domain name system (DNS) settings, directing traffic wherever an attacker wishes.
"This means 47.5 per cent of all home users … are effectively leaving themselves open to another attack — allowing attackers to circumvent all known anti-phishing countermeasures," the researchers wrote.
The researchers recommended that people change the passwords on their routers and be selective about which Java applets, or programs, they allow to run on their computers.
The study, authored by Sid Stamm and Markus Jakobsson of Indiana University and Zulfikar Ramzan of Symantec, was published in December 2006 and is now being publicized by Symantec.