News from Heise: 26.05.2015
If you have an insecure router, you are in trouble.
Attackers are using an exploit kit that was unknown until now to attack more than 50 router models/firmware versions.
They try to detect weak spots in the routers and exploit them, for example by changing the DNS entries. This way the attackers can redirect the victim's traffic through their own server and phish for online banking, Facebook, Amazon, eBay and e-mail passwords, etc.
They could even reconfigure a Fritzbox to call EXPENSIVE PHONE NUMBERS ABROAD. (Fritzbox-Dialer-Exploit or the 4000€ phone bill)
In the "least bad" case, they can extract the WPA WLAN key and the DSL internet access passwords (which is already pretty evil).
This is how EASY it is to extract those settings from a Fritzbox 7270:
The STUPID programmers RETURN THE COMPLETE SETTING PAGE (hidden), WITHOUT LOGIN! *OMG* I NEVER WOULD HAVE EXPECTED THEM TO BE THIS STUPID.
May 2015: The kit is targeting routers from: Asus, Belkin, D-Link, Edimax, Linksys, Netgear, TP-Link, Trendnet and Zyxel.
You can find a complete list of routers here:
What do we learn?
0. A router with a firmware auto-update feature IS A MUST. (The vendor cannot blame you for not doing the update.)
The Fritzbox 7490 does that. (finally)
1. DEACTIVATE AS MANY UNUSED SERVICES/SOFTWARE AS POSSIBLE!
1.1. On the router: DEACTIVATE WPS AND UPNP! IT'S ALL FLAWED AND CRAP.
2. USE OPENDNS AND VIRUS SCAN SOFTWARE ON EVERY PC ACCESSING THE INTERNET VIA BROWSER AND E-MAIL.
BETTER: HAVE A SEPARATE NETWORK, FOR BROWSING (PRIVATE) AND WORK (SENSITIVE DATA).
Better: Assign the OpenDNS server IPs directly to your DSL router: 18.104.22.168 and 22.214.171.124
3. It is IMPORTANT for IT professionals and super-users to keep an eye on security news.
4. SEND YOUR IT PROFESSIONALS TO IT-SECURITY TRAINING ON A REGULAR BASIS (AT LEAST YEARLY!)
like the CCC Congress
or get certified:
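A check for the DNS-changing attack described above and the fixed-resolver advice in item 2, as an added example that is not part of the original post: it parses resolv.conf-style text and flags every nameserver you did not configure yourself. The resolver addresses and the sample file are constructed placeholders (RFC 5737 documentation ranges), and the function names are hypothetical.

```python
import ipaddress

# Assumption: the resolvers you deliberately configured. Placeholder
# documentation addresses (RFC 5737); replace with your own.
EXPECTED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: what a PC might receive from a tampered router.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search lan
nameserver 192.0.2.53
nameserver 203.0.113.66   # not one we configured
nameserver fe80::1%eth0
"""

def parse_nameservers(text):
    """Return nameserver entries from resolv.conf-style text, in order."""
    servers = []
    for line in text.splitlines():
        # Drop '#' and ';' comments (trailing ones are tolerated too).
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1].split("%", 1)[0])  # drop IPv6 zone id
    return servers

def audit_resolvers(text, expected=EXPECTED_RESOLVERS):
    """Sort configured resolvers into ok / local / unexpected."""
    wanted = {str(ipaddress.ip_address(a)) for a in expected}
    report = {"ok": [], "local": [], "unexpected": []}
    for server in parse_nameservers(text):
        try:
            ip = ipaddress.ip_address(server)
        except ValueError:
            report["unexpected"].append(server)  # malformed entry
            continue
        if str(ip) in wanted:
            report["ok"].append(str(ip))
        elif ip.is_loopback or ip.is_link_local or any(ip in n for n in RFC1918):
            # Router or local stub resolver: the real upstream is set
            # there, so the router's own DNS settings need checking too.
            report["local"].append(str(ip))
        else:
            report["unexpected"].append(str(ip))
    return report

if __name__ == "__main__":
    print(audit_resolvers(SAMPLE_RESOLV_CONF))
```

An entry under `local` only means the PC asks the router or a local stub; the upstream servers stored in the router's own settings are what a DNS-changing attack rewrites, so compare those against your list as well.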