Page 1 of 3 123 LastLast
Results 1 to 10 of 29

Thread: Home routers under attack...

  1. #1
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Post

    FYI...

    How to Protect Your Wi-Fi Network from the WPA Hack
    - http://lifehacker.com/5079721/how-to...m-the-wpa-hack
    Nov 7 2008 - "... a PhD candidate studying encryption has found an exploit in the WPA standard that would allow a hacker to "send bogus data to an unsuspecting WiFi client," completely compromising your Wi-Fi security and opening your network to all sorts of hacking. Lucky for you, it's not terribly difficult to protect yourself against the new exploit.
    The key: Just log into your router, switch off Temporal Key Integrity Protocol (TKIP) as an encryption mode, and use Advanced Encryption System (AES) only. TKIP is the only protocol that the hack applies to, so switching to AES-only will ensure that your Wi-Fi network is safe again. It's quick and easy, so do yourself a favor and make the adjustment now so you don't run into any problems in the future."

    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2008-5230
    Last revised: 12/03/2008

    - https://www.cisco.com/en/US/products...nalInformation
    "... the use of WPA2 with AES is recommended whenever possible..."

    Last edited by AplusWebMaster; 2012-01-08 at 08:21.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #2
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down DSL modem-router botnet...

    FYI...

    DSL modem-router botnet...
    - http://blog.trendmicro.com/botnet-ri...-chuck-norris/
    Mar. 1, 2010 - "... Dubbed the “Chuck Norris botnet,” based on the Italian comment in its source code, in nome di Chuck Norris (translation: “in the name of Chuck Norris”), this botnet infects vulnerable DSL modems and routers to spread a worm Trend Micro detects as WORM_IRCBOT.ABJ. This worm tries to gain access to a target router by guessing the router’s configuration password using brute force. It may also spread via shared networks by exploiting a known Microsoft vulnerability, MS03-039 Buffer Overrun in RPCSS Service. The worm’s routines make users who are connected to the same network or router at risk of being infected. This worm also has backdoor capabilities that allows attackers to execute remote command on affected systems, which include downloading and executing other malware and launching denial-of-service (DOS) attacks against other systems. Ultimately, its main goal is still to gain profit from unknowing users by stealing personally identifiable information (PII) and credentials to access certain websites, particularly online banking sites. Its infection routine via router may be unusual for most bots of its kind, which usually infects computers. But it is not the first time that bots have used modems and routers as a propagation platform. Trend Micro has, in fact, reported such attacks in the past in relation to other threat families such as ZLOB, RBOT, and QHOST..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #3
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Lightbulb Wi-Fi hacked in seconds...

    FYI...

    Wi-Fi hacked in seconds ...
    - http://blog.cpp.co.uk/index.php/arti...etworks-safely
    14 Oct 2010 - "... Using only a laptop and widely available software, our ethical hacker demonstrated how vulnerable we are to Wi-jacking because of non-existent or inadequate online security. Having gained access to your personal details hackers can ‘cloak’ criminal activities such as purchasing illegal pornography or selling on stolen goods. It also allows them to view your private transactions over the network, accessing passwords and usernames which can then be used to impersonate you and commit identity fraud and other illegal activity in your name.
    Key findings from the report:
    • We found that nearly a quarter of private wireless networks have no password whatsoever attached, making them immediately accessible to criminals
    • Hackers were able to ‘harvest’ usernames and passwords from unsuspecting people using public networks at a rate of more than 350 an hour, sitting in town-centre coffee shops and restaurants.
    • More than 200 people unsuspectingly logged onto a fake Wi-Fi network over the course of an hour, putting themselves at risk from fraudsters who could harvest their personal and financial information.
    Steps and ways to protect yourself..."
    (More detail at the URL above.)

    > http://www.cpp.co.uk/news/wireless-n...pen-to-attack/

    - http://news.cnet.com/8301-27080_3-20021188-245.html
    November 1, 2010 - "Chances are you don't leave your front door unlocked. And you shouldn't leave your Wi-Fi network unsecured either. Many of you may have heard this before, but many still seem to not be doing anything about it. You should. Here's why. With a $50 wireless antenna and the right software a criminal hacker located outside your building as far as a mile away can capture passwords, e-mail messages, and any other data being transmitted over your network, and even decrypt data that is supposedly protected..."

    Last edited by AplusWebMaster; 2010-11-02 at 12:47.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #4
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Tools bypass router security...

    FYI...

    Tools bypass Wireless router security...
    - https://krebsonsecurity.com/2011/12/...uter-security/
    December 29, 2011 - "... At issue is a technology called “Wi-Fi Protected Setup” (WPS) that ships with many routers marketed to consumers and small businesses... Setting up a home wireless network to use encryption traditionally involved navigating a confusing array of Web-based menus, selecting from a jumble of geeky-sounding and ill-explained encryption options (WEP, WPA, WPA2, TKIP, AES), and then repeating many of those procedures on the various wireless devices the user wants to connect to the network. To make matters worse, many wireless routers come with little or no instructions on how to set up encryption. Enter WPS. Wireless routers with WPS built-in ship with a personal identification number (PIN – usually 8 digits) printed on them. Using WPS, the user can enable strong encryption for the wireless network simply by pushing a button on the router and then entering the PIN in a network setup wizard designed to interact with the router. But according to new research, routers with WPS are vulnerable to a very basic hacking technique: The brute-force attack. Put simply, an attacker can simply try thousands of combinations in rapid succession until he happens on the correct 8-digit PIN that allows authentication to the device... if your router has a “WPS PIN” notation on its backside, then it shipped with this WPS feature built-in."
    > http://www.kb.cert.org/vuls/id/723755
    Last Updated: 2011-12-27 - "... Workarounds: Disable WPS... best practices also recommend only using WPA2 encryption with a strong password, disabling UPnP, and enabling MAC address filtering so only trusted computers and devices can connect to the wireless network."
    ___

    - https://isc.sans.edu/diary.html?storyid=12292
    Last Updated: 2011-12-30 03:19:11 UTC - "... Disable WPS..."
    ___

    • Linksys WPA2 setup: http://www6.nohold.net/Cisco2/GetArt...nverted=0#WPA2
    • D-Link WPA2 setup: http://support.dlink.com/faq/view.asp?prod_id=1506
    • Netgear WPA2 setup: http://kb.netgear.com/app/answers/detail/a_id/112
    • Belkin WPA2 setup: http://en-us-support.belkin.com/app/...M01qSjhSTWs%3D

    Last edited by AplusWebMaster; 2011-12-31 at 16:38.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #5
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation WPS vulnerable to Brute-Force Attack

    FYI...

    WPS vulnerable to Brute-Force Attack
    - https://www.us-cert.gov/cas/techalerts/TA12-006A.html
    January 06, 2012 - "... Solution: Update Firmware: Check your access point vendor's support website for updated firmware that addresses this vulnerability. Further information -may- be available in the Vendor Information section of VU#723755* and in a Google spreadsheet called WPS Vulnerability Testing**.
    Disable WPS: Depending on the access point, it may be possible to disable WPS. Note that some access points may -not- actually disable WPS when the web management interface indicates that WPS is disabled..."

    * http://www.kb.cert.org/vuls/id/723755#vendors

    ** https://docs.google.com/spreadsheet/...SSHZEN3c#gid=0
    ___

    Cisco WPS vuln Response
    - http://tools.cisco.com/security/cent...1-wps#Response
    2012-January-18 - Rev 2.0 - Updated information for the WRP400.

    Last edited by AplusWebMaster; 2012-01-19 at 14:05.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #6
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation WPS vuln status update ...

    FYI...

    - http://tools.cisco.com/security/cent...curityResponse

    Cisco WPS vuln - status updated ...
    - http://tools.cisco.com/security/cent...r-20120111-wps
    2012-January-27 - Revision 3.0... Updated the Cisco UC320W WPS Disable status to Yes due to release of DisableWPS.pmf**. Added Cable and DSL access products currently under investigation. Added a link to Linksys product documentation*...

    WPS vulnerability status update for Linksys devices
    * http://www6.nohold.net/Cisco2/ukp.as...rticleid=25154
    "... Cisco will be releasing firmware that allows customers to disable Wi-Fi Protected Setup to eliminate exposure to this issue... table lists affected products and will be updated with dates and firmware version numbers that include the ability to disable WPS..."

    ** https://supportforums.cisco.com/docs/DOC-16301
    Last Modified: Jan 26, 2012 - Rev. 10
    ___

    - http://www.kb.cert.org/vuls/id/723755#vendors
    Last Updated: 2012-01-28

    Last edited by AplusWebMaster; 2012-01-29 at 15:01.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #7
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation WPS PIN brute force vulnerability

    FYI...

    WPS PIN brute force vulnerability
    - http://www.kb.cert.org/vuls/id/723755#vendors
    Last revised: 10 May 2012
    Overview: The WiFi Protected Setup (WPS) PIN is susceptible to a brute force attack. A design flaw that exists in the WPS specification for the PIN authentication significantly reduces the time required to brute force the entire PIN because it allows an attacker to know when the first half of the 8 digit PIN is correct. The lack of a proper lock out policy after a certain number of failed attempts to guess the PIN on many wireless routers makes this brute force attack that much more feasible...
    Impact: An attacker within range of the wireless access point may be able to brute force the WPS PIN and retrieve the password for the wireless network, change the configuration of the access point, or cause a denial of service...
    Please consider the following workarounds:
    > Disable WPS
    Within the wireless router's configuration menu, disable the external registrar feature of WiFi Protected Setup (WPS). Depending on the vendor, this may be labeled as external registrar, router PIN, or WiFi Protected Setup...
    References:
    - http://sviehb.wordpress.com/2011/12/...vulnerability/
    - http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup
    - http://download.microsoft.com/downlo...CN-Netspec.doc
    - http://www.wi-fi.org/wifi-protected-setup/
    - https://docs.google.com/spreadsheet/...FpEUDNSSHZEN3c
    - http://en-us-support.belkin.com/app/...-on-the-router

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #8
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down DSL modem hack used to infect millions - banking fraud malware

    FYI...

    DSL modem hack used to infect millions - banking fraud malware
    - http://arstechnica.com/security/2012...-with-malware/
    Oct 1, 2012 - "Millions of Internet users in Brazil have fallen victim to a sustained attack that exploited vulnerabilities in DSL modems, forcing people visiting sites such as Google or Facebook to reach imposter sites that installed malicious software and stole online banking credentials... The attack... infected more than 4.5 million DSL modems, said Kaspersky Lab Expert Fabio Assolini, citing statistics provided by Brazil's Computer Emergency Response Team. The CSRF (cross-site request forgery) vulnerability allowed attackers to use a simple script to steal passwords required to remotely log into and control the devices. The attackers then configured the modems to use malicious domain name system servers that caused users trying to visit popular websites to instead connect to booby-trapped imposter sites. "This is the description of an attack happening in Brazil since 2011 using 1 firmware vulnerability, 2 malicious scripts and 40 malicious DNS servers, which affected 6 hardware manufacturers, resulting in millions of Brazilian internet users falling victim to a sustained and silent mass attack on DSL modems," Assolini wrote... "This enabled the attack to reach network devices belonging to millions of individual and business users, spreading malware and engineering malicious redirects over the course of several months"... The vulnerability is even more alarming since the list of affected manufacturers and models is still unknown. Users who want to protect themselves should make sure their modems are using the latest available firmware, although based on what we know now, there's no guarantee the latest release has been patched against the exploited CSRF flaw."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #9
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Linksys WRT54GL firmware vuln

    FYI...

    Linksys WRT54GL firmware vuln
    - https://secunia.com/advisories/51809/
    Release Date: 2013-01-21
    Impact: Cross Site Scripting
    Where: From remote
    Solution Status: Vendor Patch
    Operating System: Linksys WRT54GL 4.x
    Solution: Update to firmware version 4.30.16.
    Original Advisory: Linksys:
    http://homedownloads.cisco.com/downl...aseNotes,0.txt

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #10
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation D-Link DIR-300 / 600 routers vuln

    FYI...

    D-Link DIR-300 / 600 routers vuln
    - https://threatpost.com/en_us/blogs/r...ilities-020713
    Feb 7, 2013 - "... vulnerabilities in D-Link’s DIR-300 and DIR-600 routers could allow an attacker to inject arbitrary shell commands and ultimately compromise the device... Messner first discovered the vulnerabilities at the tail end of 2012 and forwarded them to D-Link who insisted the issue was relegated to browsers and that the company would not publish a fix. Messner elected to provide more information to D-Link more than a week and a half ago, on January 25. Having still not heard back yet, Messner saw fit to publicly releasing the attack details earlier this week. A post by The H-Security* claims that all current D-Link firmware versions (Version 2.13, released November 7, 2012 and Version 2.14b01, released January 22, 2013) are affected by the flaw and suggests – at least until D-Link issues a fix – to “decommission the affected browsers.” D-Link did not respond to e-mail requests for comment..."

    * http://h-online.com/-1798804
    6 Feb 2013

    - http://atlas.arbor.net/briefs/index#-1154464955
    Feb 07, 2013
    Analysis: "Many home offices and small offices use broadband connections with devices like the D-Link routers. Such environments don't often have security savvy people on staff, and the compromise of such devices can lead to all sorts of issues such as attackers planting malicious DNS servers in the device configuration that affect every system on the LAN using DHCP to receive DNS settings. In addition, an attacker could use such a vulnerability to penetrate deeper into an enterprise network by compromising a machine on the LAN and backdooring it."

    - http://h-online.com/-1800471
    8 Feb 2013

    - https://secunia.com/advisories/52080/
    Release Date: 2013-02-08
    Criticality level: Moderately critical
    Impact: Exposure of system information, System access
    Where: From local network
    ... weakness, security issues, and vulnerability are reported in the following products:
    * D-Link DIR-300 version 2.12 and 2.13.
    * D-Link DIR-600 version 2.12b02, 2.13b01, and 2.14b01.
    Solution: No official solution is currently available.

    Last edited by AplusWebMaster; 2013-02-08 at 17:43.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •