Millions of Home Routers Will Soon Be Hacked

Page 3 - Seeking answers? Join the Tom's Guide community: where nearly two million members share solutions and discuss the latest tech.
Status
Not open for further replies.

FloKid

Distinguished
Aug 2, 2006
181
0
18,630
This guy's a retard. Why make it public when half the people on this planet don't even know what a router is. Just send the info to people who can actually fix it and have no emo to spend their entire lives on something that gets fixed eventually anyways.
 
G

Guest

Guest
^-- Yes.

There are laws against executing code that will break into a secure system. But, freedom of speech protects your right to author such code or even tell people how to break into a system.

There are all sorts of books, articles, and media that teach you how to make bombs. Much different than actually building one and using it.
 

Camikazi

Distinguished
Jul 20, 2008
745
0
18,930
[citation][nom]chickenhoagie[/nom]very smooth trick to gain quick access to someones router..but anyone would be quite the fool to not use a good password for their router.[/citation]
Routers are now a standard part of broadband by cable/phone/satellite companies, which means they are not in the domain of tech geeks only. That also means that non-enlightened people now have routers and those same people have no clue how to change the password or that they even should change the password. Hell most of these people don't even know that box the company gave them is a router, and there are MANY of these people around.

The common people have routers, which means there are a huge amount of them that are unsafe now, it's how things work. Once something becomes so common it's easily obtainable you tend to see the cases of unsafe tech increase.
 

hoofhearted

Distinguished
Apr 9, 2004
423
0
18,930
Think about it, if someone gains access through your router, they could actually root your Windows PCs:

(1) has a mini db of web requests to control router functionality such as opening ports
(2) lists all the services (such as tasklist /svc | find "CryptSvc" - to get the "right" instance of svchost.exe)
(3) capture the PID from (2)
(4) list the socket it is on (such as netstat -ano | find "PID")
(5) simple ipconfig to get a PCs ipaddress (or maybe part of the script can list the DHCP client PCs from the router)
(6) open that port on the router ad viola, they have a control path to your PC behind your firewall
 

Regulas

Distinguished
May 11, 2008
520
0
18,930
"The hacker could then hijack the browser and access the router's settings."

OK but what if you are smart enough to password your router, not the WiFi but the router settings themselves. I always password the router itself with the longest password, garbled character set it will allow. When I access my router settings I always connect with a wire and never save the password to my key-chain either. The password is so long I keep it in a pass-worded Open Office document and cut and paste to gain access.
Anyone really good with this subject out there, can this stop it?
 

palladin9479

Distinguished
Jul 26, 2008
193
0
18,640
This doesn't make sense. How would an external website even know the internal network IP settings involved? Unless he's mentioning the people that keep their local IP's set to 192.168.1./24. What happens if your local subnet is something other then the routers default? Routers don't answer web-requests to their external interfaces so he would have to get the request sent to the internal interface and hence would need the IP involved. He could try the loopback (127.0.0.1) but how the hell can u get a packet there?
 

amnotanoobie

Distinguished
Aug 27, 2006
134
0
18,640
[citation][nom]yellowblue[/nom]Will it affect dd-wrt?[/citation]

Also wondering the same thing, would the mentioned routers still be vulnerable when running DD-WRT/Tomato/OpenWRT?
 

AMDnoob

Distinguished
May 3, 2009
81
0
18,580
First of all, somebody ban tradeshoes, second, my fucking router is on the god damn list. What a DOUCHE BAG!!! Maybe I'm over reacting, alot of you will say just get a new router... but honestly I feel vulnerable about this. This isn't righteous just plain violation of somebody's privacy! This asshole will hardly teach anybody this "lesson". If I hadn't been turned onto computers in the last years and decided to visit TH regularly I would have probably NEVER EVER heard of this. I would have NNNEEEVVVEEERRR Known my router was so easily manipulated. And guess what, probably about 80% of the owners of those faulty routers will never know that they're privacy easily has the potential the be violated. We all know somebody who's technologically stunted here I'm sure of it. This is useless except for the few who know what this article means, let alone the few who'll ever actually see this article. GAH >.< I'm so pissed that a guy who I don't even KNOW is basically forcing me to blow 40-50 bucks on a new router... If I ever meet this guy I'll DNS rebind his ASS!
 

chickenhoagie

Distinguished
Feb 12, 2010
311
0
18,930
[citation][nom]palladin9479[/nom]This doesn't make sense. How would an external website even know the internal network IP settings involved? Unless he's mentioning the people that keep their local IP's set to 192.168.1./24. What happens if your local subnet is something other then the routers default? Routers don't answer web-requests to their external interfaces so he would have to get the request sent to the internal interface and hence would need the IP involved. He could try the loopback (127.0.0.1) but how the hell can u get a packet there?[/citation]
think of it this way. when you access your router settings you're typing in the ip address of your router. in this case, when you click on the malicious link, it is tricking your computer into thinking that you're typing in the router's ip address when in reality, this malicious hack is actually typing it in and accessing it from that location. its a very simple loophole that is completely overlooked, however very fixable and avoidable with a good router password, and of course watching what you click on. not to mention some routers are smart enough to see these loopholes.
 

need4speeds

Distinguished
Jan 6, 2009
52
0
18,580
My linksys befsr41 vers 3.1 is not on the list but the vers 4.1 is so i would assume mine is also on the list even though it was not tested. It is a standard older 4 port switch/hub that routes the internet. Of course it can be hacked since it lacks any type of firewall or password protection. It is the same as plugging your internet directly to the lan card without a router at all.
These older routers all just redirect what the cables plugged into them have. The internet is the same as if it were plugged directly into the cable box.
If you have this type of router on the internet and a network, only share folders on the network that have stuff like music folders that are backed up since anyone can change or delete files in the shared folders at will. Since you are really offering to share these folders with the world, unplugging your lan cable at the internet box while sharing other more important folders on the network or when not using the internet is a easy way to stop hackers from your network when moving files between computers. Your network will still work without the internet. Each computer is dependent on its own antivirus/internet scanning/firewall. This will help only somewhat.
Do not leave your network plugged in to the cable box 24/7, only plug it into the internet when you are using the internet.
Most look for a RELIABLE internet connection to hack, so they can redirect files or sites with your internet, or use your computer as a file server. Disable in the bios wake on lan, this feature allows the computer to be turned on via the lan cable, so you have all your computers off, they can be started up and used when you are not using them!.
If you need better security buy a new wireless router even if you only need wired connections, these routers have better password protection and firewalls than the older style router i have.
I doubt that the hack he is releasing is anything new to hackers, i'm not a hacker but understood how poor my router was many years ago, but hacking would be actually working to get into something, that is not the case with these older routers since they simply let anyone in.
You also have a bit of safety in numbers, with millions of computers to hack, the chances of yours is reduced simply because noone has time to hack them all. But you never know?

Did you know this is a trap? Give the software out to make it even easier to hack. Then track where they hack with it. It is easy for internet servers to keep logs, then they just simply suspend the offenders internet account. Its easier than trying to find all the hackers. entrapment? sort of i suppose.
If the internet prov
 
Status
Not open for further replies.