AnÂ annualÂ Black Hack SecurityÂ conferenceÂ isÂ comingÂ and there is reports that the securityÂ conferenceÂ will show how to hack many of standard off the shelf routers that is used forÂ residentialÂ internet connection. Craig Heffner claims that he has a tool to hack millions of off the shelf router that is usually used inÂ residentialÂ internet connection via a new breed of the old DNS rebindingÂ vulnerability. Craig plans toÂ releaseÂ the tool into the wild at the annual Back HackÂ conferenceÂ comingÂ at the end of the month. HeÂ claimsÂ he already tested the hack on 30 different routers and more than half of the routers were vulnerable (including most Linksys, Dell, Belkin, and Verizon FIOS or DSL Routers), not to also mention routers with DD-WRT and OPENWRT and PFSense (a list isÂ availableÂ online from Google Docs).Â Heffner adds in that potential fixes like Open DNS and Firefox’s NoScript will not prevent the exploit, even browsers.Â The hack will trick the users into visiting a page that the attacker has set up with Heffner’s exploit and hack the router used to steal user info and/or redirect the user’s browsing. Although there has been many of patches over the years, this still needs to be fixed. One of his tricks if to create a site that lists the visitor’s own IP address as an option, and when the visitor visits the trap site, a script will run that switches to an alternate IPÂ address, whileÂ allow traffic to be redirected andÂ interceptedÂ not to also mention give the hackerÂ accessÂ to theÂ victims’ local access. Heffner said that the only way to get in is that the method still requires gaining access to the network, usually by using a vulnerability in the device’s software or using the standardÂ defaultÂ router.
Heffner believes that releasing the tool will push router manufacturers to fix the exploit and release a patch to people. In the meantime, the best is to stay up to date with your router and change the router’s password.