Your Router May Not Be Safe From Hackers

If you’ve got a router on your home computer network made by D-Link or Linksys, among others, then you need to read this story. Researcher Dan Kaminsky (who will give the details of his hack tomorrow at the RSA Conference) has discovered a way to take over a router using a specially crafted web page. Here’s how PC World describes the hack:

“The victim would visit a malicious Web page that would use JavaScript code to trick the browser into making changes on the Web-based router configuration page. The JavaScript could tell the router to let the bad guys remotely administer the device, or it could force the router to download new firmware, again putting the router under the hacker’s control.”

This hack relies on the fact that the administrative passwords on most consumer routers are rarely changed by their owners, or are easily guessed. So the best way to protect yourself from this type of hack is to do two things:

  1. Disable remote administration: This feature allows you to remotely administer the router from OUTSIDE your network. That’s a major security risk. Most routers have this feature turned off by default and you should ensure it stays that way.
  2. Change the administrative password of the router when you install it: I can’t stress this enough. You wouldn’t leave the front door of your home open. Why do the same with your router? Pick a password that is not easily guessed or has special characters in it (for example, you could pick the word “password” but type “pa$$word” instead). While you’re at it, you should do the same thing for any wireless access you may have so that you stop the bad guys from using your Internet connection behind your back.

If you’re not sure how to do either of those items, consult your manual or check the support section of the website for the company that makes your router. They often have “how to” guides that can be of assistance.
