By Willie Jones
How secure do you feel about the wireless router you use at home? Maybe more than you should. Researchers at AppSec Consulting Inc., in San Jose, Calif., reported new vulnerabilities at the annual Black Hat computer security conference, which took place from 21–26 July in Las Vegas. To be sure, compromises to routers, switches, printers, and other frequently networked hardware have been discussed at Black Hat as far back as 2006.
But the associated attacks were hard to pull off back then, so the problem was never addressed. This year, though, the AppSec team demonstrated their exploit using a popular type of Linksys router. As reported by Information Week, after getting a computer user to go to a malicious website, the site pushed a JavaScript app instructing the Web browser to relay information about all locally-connected devices—including the router. A brute force attack—or in too many cases, an educated guess—can easily yield the router’s login information and thus access privileges that let the attacker install malicious firmware.