Wednesday, August 1, 2012

Stable router botnets: the frightening prospects of technological progress


The Defcon conference revealed serious security problems in devices as common as home and office routers. As it turns out, many router models in this class can be turned against their owners with a toolkit dubbed RPEF (Router Post-Exploitation Framework), a name that can be paraphrased as "the technology for using a router however one pleases once control of it has been gained". Note that RPEF is not a vulnerability in itself: it is a framework for backdooring the firmware of a router that has already been compromised by some other means. The possibilities it opens are practically endless: from a rogue DNS service and eavesdropping on traffic to full-scale distributed denial-of-service attacks with centralized coordination.

The description of RPEF was presented by Michael Coppola of VSR (Virtual Security Research). According to him, the routers definitely affected are the Netgear WGR614, WNDR3700 and WNR1000; the Linksys WRT120N; the TRENDnet TEW-651BR and TEW-652BRP; the D-Link DIR-601; and the Belkin F5D7230-4. This list may well grow considerably in the future.

Of course, to turn a home or office router into a controlled "zombie", one must first take control of it and install new firmware. This is possible if the router's web interface is reachable from the Internet and not only from the local network. Research has shown that there are a great many routers in the world configured exactly this way.

Still, even if your router is configured properly and its web interface is not reachable from the Internet, you cannot feel safe. Phil Purviance and Joshua Brashars of AppSec Consulting showed how, using modern web technologies, an attacker can obtain the password for the router's admin interface without any involvement of the user (through the browser history and by other methods), which ultimately gives the attacker a path to reflashing the router.

Notably, the most susceptible turned out to be routers running popular custom firmware based on the well-known open-source DD-WRT toolset. It is enough to visit a web page carrying malicious JavaScript in the same browser you use to manage the router: the script obtains the exact router model, its internal settings and other information. The chances of noticing that the firmware has been replaced are slim: many modern routers keep all user settings in a separate NVRAM chip, where they survive even a full reflash, so nothing visibly changes for the user. The theoretical possibility of malicious firmware containing botnet client modules, with a web interface indistinguishable from the original, was demonstrated.
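The three paragraphs above describe three ways an attacker reaches a router's admin interface: it is exposed to the Internet, a visited page probes it from inside the LAN, or a visited page submits requests to it using the browser's ambient session. The request filter below is an added illustration, not code from RPEF, DD-WRT, the talks or this article. It shows, in JavaScript (convenient to run with Node; real routers implement this in C or Lua), the naive acceptance rule beside a hardened one, and runs both over constructed sample requests. The router address 192.168.1.1, the `session` cookie, the `csrf` form field, the session table and every sample request are assumptions made for the example; it generalizes the DD-WRT fingerprinting in the text to any router whose admin pages are reachable from the user's browser.

```javascript
// Added example: request filter for a router's embedded admin web server.
// Not from RPEF, DD-WRT or the DEFCON talks; all names and addresses are
// assumptions made for illustration.
const ROUTER_LAN_ADDR = "192.168.1.1";            // assumed LAN address
const STATE_CHANGING = new Set(["POST", "PUT", "DELETE"]);

// Session table as the router would hold it (constructed sample).
const sessions = new Map([
  ["s3cr3t-session-id", { user: "admin", csrf: "tok-8b1f" }],
]);

// Naive rule: anything that arrives on the LAN side with a valid session
// cookie is treated as the administrator. A page the user visits in the same
// browser satisfies this, because the browser attaches the cookie for it.
function naiveAllow(req) {
  return req.iface === "lan" && sessions.has(req.cookies.session);
}

// Hostname of an Origin ("http://host[:port]") or Referer (full URL) header.
function originHost(header) {
  try { return new URL(header).hostname; } catch { return null; }
}

const deny = (reason) => ({ ok: false, reason });
const allow = () => ({ ok: true, reason: "ok" });

// Hardened rule.
function hardenedAllow(req) {
  // 1. The admin UI is never served on the WAN interface.
  if (req.iface !== "lan") return deny("wan");
  // 2. Host must be the router's own address, so a hostname the attacker
  //    controls (DNS rebinding) cannot be used to reach these pages.
  const host = (req.headers.host || "").split(":")[0];
  if (host !== ROUTER_LAN_ADDR) return deny("host");
  // 3. A logged-in session is still required.
  const session = sessions.get(req.cookies.session);
  if (!session) return deny("session");
  const src = req.headers.origin || req.headers.referer;
  const srcHost = src ? originHost(src) : null;
  if (STATE_CHANGING.has(req.method)) {
    // 4. Settings changes must come from the router's own pages ...
    if (srcHost !== ROUTER_LAN_ADDR) return deny("origin");
    // 5. ... and carry the per-session token, which a foreign page cannot
    //    read because of the same-origin policy.
    if (req.form.csrf !== session.csrf) return deny("csrf");
  } else if (src !== undefined && srcHost !== ROUTER_LAN_ADDR) {
    // 6. <img>/<script> loads from a third-party page arrive with that page's
    //    Referer; refusing them blocks the "which model, which pages exist"
    //    probe. A page can suppress its Referer, so this is a mitigation only.
    return deny("referer");
  }
  return allow();
}

const COOKIE = { session: "s3cr3t-session-id" };
const OWN = "http://" + ROUTER_LAN_ADDR;

// Constructed sample requests (not captured traffic).
const SAMPLE_REQUESTS = {
  // Administrator saving settings from the router's own page.
  legit: { iface: "lan", method: "POST", cookies: COOKIE,
    headers: { host: ROUTER_LAN_ADDR, origin: OWN, referer: OWN + "/admin.html" },
    form: { csrf: "tok-8b1f", remote_mgmt: "0" } },
  // <img src="http://192.168.1.1/style/logo.png"> on a visited page: a
  // fingerprint probe. Plain GETs carry no Origin, but do carry a Referer.
  probe: { iface: "lan", method: "GET", cookies: COOKIE,
    headers: { host: ROUTER_LAN_ADDR, referer: "http://attacker.invalid/bait.html" },
    form: {} },
  // Hidden auto-submitting form on the same visited page, trying to switch on
  // remote management, the first step towards reflashing from the Internet.
  csrf: { iface: "lan", method: "POST", cookies: COOKIE,
    headers: { host: ROUTER_LAN_ADDR, origin: "http://attacker.invalid",
               referer: "http://attacker.invalid/bait.html" },
    form: { remote_mgmt: "1" } },
  // The admin UI reached from the Internet side (a misconfigured router).
  wan: { iface: "wan", method: "GET", cookies: COOKIE,
    headers: { host: "203.0.113.7" }, form: {} },
};

// Runs both rules over the samples; returns { name: { naive, hardened } }.
function evaluate(requests = SAMPLE_REQUESTS) {
  const out = {};
  for (const [name, req] of Object.entries(requests)) {
    out[name] = { naive: naiveAllow(req), hardened: hardenedAllow(req).reason };
  }
  return out;
}

if (typeof require !== "undefined" && require.main === module) {
  console.table(evaluate());
}
```

Running the file prints one row per sample: the naive rule accepts the fingerprint probe and the cross-site form post as if they were the administrator, while the hardened rule refuses them with the reason `referer` and `origin` respectively, and refuses the WAN-side request outright. The Referer check in step 6 is deliberately labelled a mitigation: a page can strip its Referer, so the real fix for the probing described above is that the admin pages require a login before returning anything model-specific at all.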

It is worth adding that router botnets are not an abstract threat. Back in 2009, DroneBL discovered a worm that infected routers and DSL modems running Linux on mipsel (little-endian MIPS) hardware, which the report described as a Debian-based build. In 2011, experts from the antivirus company Trend Micro found similar malware in Latin America: the worm hit D-Link routers and self-destructed on reboot. With the newly discovered vulnerabilities this threat could become persistent: the malware can become part of the firmware and will no longer disappear on reboot, and detecting the problem will be anything but easy.

Notably, Michael Coppola believes that the absence of stable large-scale router botnets today is due to the lack of tools for in-depth analysis of low-level firmware. Right "on time", the same conference saw the presentation of the FRAK (Firmware Reverse Engineering Konsole) utility, which significantly extends the capabilities for such analysis.
