Symantec Sounds Warning on Router Passwords
Symantec warns of a vulnerability in some home broadband routers.
"This attack has serious implications and affects many millions of users worldwide," claimed Zulfikar Ramzan, a Symantec researcher and one of the authors of proof-of-concept code about the vulnerability.
The threat, dubbed "Drive-by Pharming," relies on consumers not changing the default password after they set up their router with their broadband connection. Symantec said the practice could leave up to 50 percent of some 80 million broadband homes in the U.S. vulnerable.
The warning comes about two months after Ramzan, along with Indiana University researchers, began researching details of the proof-of-concept.
Unlike previous pharming attempts, no links need be clicked or software downloaded. Victims need only visit a specially designed Web site.
Once inside, hackers could effectively change the router's DNS settings, redirecting your bank's address to an identical site maintained by attackers. "However, you'll never realize that you were at a fake bank since you trusted the address," Ramzan wrote in a blog posting explaining a potential attack.
Consumers might think they are at their banking site, but they are actually at www.stealmyidentity.com, Gartner security analyst John Pescatore told internetnews.com.
Pescatore said consumer router manufacturers favor ease of use over security. Router makers offer consumers instructions on how to change the default passwords. Linksys, for example, warns consumers to change their passwords.
D-Link said it was aware of the threat.
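A client-side check for the DNS change described above, as an added example that is not from Symantec or the article: it reads the resolvers a machine received from the router and flags any that are not on a list the owner trusts. The resolv.conf-style input, the function names, the trusted list and all addresses are constructed assumptions.

```python
import ipaddress

# Constructed samples: resolver settings before and after a router DNS change.
SAMPLE_CLEAN = "nameserver 192.168.1.1\n"
SAMPLE_CHANGED = "# pushed by DHCP\nnameserver 203.0.113.53\nnameserver 192.168.1.1\n"
# Assumed trusted set: the router itself plus a constructed ISP resolver range.
TRUSTED = ["192.168.1.1/32", "198.51.100.0/24"]


def parse_nameservers(resolv_text):
    """Return the nameserver addresses in resolv.conf-style text, in order."""
    servers = []
    for raw in resolv_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # skip blanks and comment lines
            continue
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(parts[1]))
            except ValueError:
                continue                     # ignore malformed addresses
    return servers


def audit_resolvers(resolv_text, trusted):
    """Return (finding, address) tuples for resolvers outside the trusted set."""
    nets = [ipaddress.ip_network(t) for t in trusted]
    servers = parse_nameservers(resolv_text)
    if not servers:
        return [("no-resolver", None)]
    findings = []
    for ip in servers:
        if not any(ip in net for net in nets):
            findings.append(("untrusted-resolver", str(ip)))
    return findings


if __name__ == "__main__":
    for name, text in (("clean", SAMPLE_CLEAN), ("changed", SAMPLE_CHANGED)):
        print(name, audit_resolvers(text, TRUSTED))
```

Where the router hands out its own address and forwards queries upstream, the altered setting lives in the router's configuration and has to be checked on its admin page instead.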