A researcher by the name of Dan Kaminsky will soon be unveiling an attack that could be used to hijack certain routers. This web-based attack can be used to gain complete access to your router and change settings within. By doing this, a hacker could change the DNS settings to hijack the user to an unknown location on the internet.

A DNS related attack could be used to make a user think they are going to a legitimate website, while actually redirecting the user to a malicious website that can be used to steal identity or track online activity. Both are a serious breach in online safety. The main problem is that the user would have no idea this is happening. The browser would still show that its directing to the correct address. Also, because this attack happens at the router and not on the computer, Antivirus and Anti-Malware solutions can not detect it.

This attack can be loaded via JavaScript code from a malicious or hacked website which would trick the browser into logging into an improperly setup router and changing the settings. It could either set it up so that a hacker could get in from the outside, or more likely, force the router to download a hacked firmware which sets up the DNS hijack.

Experts have long believed that this attack was possible, but Mr Kaminsky’s demo will show that its no longer just a theoretical attack. Now that its become public, someone with malicious intent will take advantage of the technology. Its time to take action to make sure you aren’t a victim.

What can you do?

First, change the default password on your router. Even if you make it something simple, at least it wont be the default password anymore. The attack outlined by Mr Kaminsky is a simple one that takes advantage of a router that’s running completely default like you get it from the factory.

Second, change the name and IP address of your router. Your router does not have to have an internal address of 192.168.1.1 or 10.0.0.1. Change that to 192.168.2.1 or 10.0.0.100. Anything that will make an automated attack fail.

Third, use the DNS servers of your ISP rather than pointing your DNS to the router. This is a more advanced suggestion, but a good one. When you use a router, it gives you an IP address from its internal DHCP server. In the process of doing this, it sets itself as the DNS authority. You can change this in your network settings.

All these recommendations are not meant to make your life difficult. Your ISP should be able to help you do most of these things, or you could post asking for help in our Networking forum. One of our staff or users should be able to assist you with making the necessary changes.

Its important to note that this attack is not specifically a bug with the router. This attack takes advantage of JavaScript and the browser to make changes to the router. Because of this, almost any router on the market is vulnerable.