A vulnerability in more than 1 million small office and home office (or SOHO) routers makes them potentially vulnerable to remote attacks that could expose private internal network traffic to prying eyes, according to a warning posted by the firm Rapid7.
The folks over at the web security shop Sucuri have an interesting post today that warns of a web-based attack launched from the site of a popular Brazilian newspaper that is targeting home broadband routers. According to Sucuri, researchers investigating a breach at the web site politica . estadao . com . br uncovered evidence that the hackers were using iframe attacks to try to change the DNS configuration on the victim’s DSL router, first by trying a brute force attack on the router’s default credentials. According to Sucuri, the payload was trying to crack default accounts like admin, root, gvt and other common usernames and a variety of known-default router passwords. Small office and home office (or SoHo) broadband routers are an increasingly common target for cyber criminals because many (most?) are loosely managed and often deployed with default administrator credentials. [Read Security Ledger coverage of home router hacks here.] In March, the firm Team Cymru published a report describing a widespread compromise of […]
Wired’s Kim Zetter reports on (independent) reports by two researchers that show how home alarm setups can be hacked remotely, from as far away as 250 yards. The vulnerabilities could allow a malicious actor to suppress alarms or create multiple, false alarms that would render the system unreliable (and really annoying). Zetter profiles the work of Logan Lamb, a security researcher at Oak Hill Ridge National Lab who conducted independent research on three top brands of home alarm systems made by ADT, Vivint and a third company that asked to remain anonymous. She also cites work by Silvio Cesare, who works for Qualys who studied common home alarm systems sold in Australia, including devices manufactured by Swann, an Australian firm that also sells its systems in the U.S. Both discovered a litany of similar problems, Zetter reports: The systems use radio signals to report when monitored doors and windows are opened, but fail to encrypt or authenticate the signals being […]
Home routers and wi-fi access points are the canaries in the coal mine for security on the Internet of Things. Simply put: they’re ubiquitous, Internet-connected and innocuous. Unlike mobile phones, wi-fi routers aren’t in your pocket – buzzing and ringing and demanding your attention. In fact, it’s safe to be that the vast majority of Internet users are concerned wouldn’t know how to connect- and log in to their router if they had to. But appearances can deceive. Broadband routers are, indeed, mini computers that run a fully featured operating system and are perfectly capable of being attacked, compromised and manipulated. We have already seen examples of modern malware spreading between these devices. In March, the security firm Team Cymru published a report (PDF) describing what it claimed was a compromise of 300,000 small office and home office (SOHO) wireless routers that was linked to cyber criminal campaigns targeting online banking customers. In January, […]
A week that has already been full of standards news for the Internet of Things added more with the unveiling of Thread, a proposed communications standard backed by Google’s NEST group that promises a “new and better way to connect products in the home.” Google was joined by Samsung, Freescale Semiconductor, ARM, smart lock maker Yale Security and Big Ass Fans (favorite company name ever) in forming The Thread Group to promote Thread. In a press release on Tuesday, the group said that the Internet of Things presents unique challenges that are not well met by existing wireless communications technologies such as Wi-Fi, ZigBee and Z-Wave. In contrast to those technologies, Thread focuses exclusively on network connectivity, not application-layer exchanges and connection management. Thread Group says existing application protocols and IoT platforms can easily run on Thread networks. Specifically, it uses 6LoWPAN (IPV6 over Low power Wireless Personal Area Networks) to create 802.15.4-standard mesh networks of smart […]
