gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
75425 Posts in 13205 Topics by 2645 Members - Latest Member: Scooly November 19, 2017, 02:46:49 am
*
gfx*gfx
gfx
WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Silently owning Modems and Routers, are you at risk?
gfx
gfxgfx
 

Author Topic: Silently owning Modems and Routers, are you at risk?  (Read 1449 times)

0 Members and 1 Guest are viewing this topic.

Offline Pri

  • MX Hosts
  • *****
  • *****
Silently owning Modems and Routers, are you at risk?
« on: January 20, 2015, 02:45:50 pm »
Interesting article: http://www.gironsec.com/blog/2015/01/owning_modems_and_routers_silently/

Basically the gist is that many modems and some routers can be exploited through CSRF (Cross-Site Request Forgery) attacks. Meaning simply by visiting a website you can be made to run Javascript or in some cases just a HTML iFrame which makes a request to your Modem/Router through your local network. Since your computer is already inside your own network the protections on these devices which only block access from the internet don't have any effect against this type of attack.

Using this attack it's possible to restart your modem knocking you offline momentarily, change your modem settings keeping you offline permanently (or until you find the malicious changes to your modem and undo them) and in the cases of affected routers they can completely take control of your router, changing your DNS records compromising all the computers in your local network and even uploading custom firmware images for further malicious intent (botnet etc)

Many years ago I had a modem which was susceptible to this attack a Motorola Surfboard. And I know many people who still own those and other affected devices in the article. For example Netgear routers which haven't had their username and password changed from the default one are susceptible.

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: Silently owning Modems and Routers, are you at risk?
« Reply #1 on: January 20, 2015, 05:46:59 pm »
I saw a similar article last week regarding a ddos engine service.

http://www.theguardian.com/technology/2015/jan/12/lizard-squad-lizardstresser-hacked-home-routers

This too relies on poorly secured modems that can then be taken over  :alien:

Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: Silently owning Modems and Routers, are you at risk?
« Reply #2 on: January 21, 2015, 12:25:45 pm »
clever code... that the browser shouldnt execute.... im glad my router(s) wont do anything without my password o_o ...

Offline MinersLantern

  • Forum Member
Re: Silently owning Modems and Routers, are you at risk?
« Reply #3 on: January 23, 2015, 07:10:24 am »
Mine is password and username protected as well, but that can be bypassed.

I have no idea how even now. But on one of my many requests for service from the ISP to send out a tech, one of them actually came into the house, sat down and on the same modem that I had changed everything on,  he proceeded to type in his own few characters. Instant access.

The few techs that know what they are doing as to your piss poor connection and how to fix it, are quite able to intercept your connection itself and watch everything going on with the modem itself in realtime. They dont bother to ask you for your password.

Backdoors exist on modems.

Its likely available on the GoogleTubesNET, but im too lazy to look for the one the ISP uses to get access.

But the thing is, if the backdoor exists, it is known by hackers too. Changes to the thing for admin access are just a small tiny bit of security. In no way secure.



Offline MinersLantern

  • Forum Member
Re: Silently owning Modems and Routers, are you at risk?
« Reply #4 on: January 23, 2015, 07:36:26 am »
If an edit were available here, that would be nice.  ;)

I had one tech, after months of messing around calling the stupid ISP every week. Them replacing.. everything. Who got in via the backdoor remotely from his service van.

He recorded everything done by us, watched everything the modem was doing, all this from his house while he was asleep.

A very old guy who looked like Santa Claus. This was after spending a few weeks ripping up underground lines and replacing them and all kinds of expensive stuff.

Once he got access and watched what was going on, he found the real problem. The interface card at the main connection 2 miles away.

That took all of one day.

Since we moved here to the outback desert, the internet hasnt worked at all. Dropping every few minutes, the phone just as bad.

It took 2 years of service calls to the ISP to get this thing working properly.

And, yet another one, who can and will connect to your modem, on the sly. To find out the real issue.

He finally fixed it too. Nice stable telephone and internet connection.

Same problem, the card at the interface 1.25 miles away, was toast.

For some reason, providers hate the idea of changing the card.

It practically requires taking out guns and holding them hostage.

They will spend thousands of dollars to change everything, with no result. The most likely point of failure is last.

Anyway, backdoors exist in modems. The techs who know wtf they are doing use them all the time, no doubt so do hackers.


Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: Silently owning Modems and Routers, are you at risk?
« Reply #5 on: January 23, 2015, 11:04:49 am »
isps use customised firmware... that is enough in and of itself to do what they want with the modem...

WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Silently owning Modems and Routers, are you at risk?
 

gfxgfx
gfx
©2005-2017 WinMXWorld.com. All rights reserved.
SMF 2.0.14 | SMF © 2017, Simple Machines
Page created in 0.036 seconds with 24 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!