Hacking an ADSL router is this easy

Without being on the same network as the router, this attack just wouldn't be possible so the likelihood of being able to pull this off is very low.
 
Pfft...useless hack! Hardly easy - you need to be on the same subnet as the user and then get them to run a link for CSRF. How often would a user logon to their ADSL router anyway.

If you have physical access to the device most things can be hacked.
 
Hardly easy - you need to be on the same subnet as the user and then get them to run a link for CSRF.

If you have physical access to the device most things can be hacked.

Exactly. If a hacker is already on your subnet then you probably have bigger problems than him trying to hack your router.
 
Articles like these need to inform users on how to remedy common, and not so common, user mistakes.

Just type in the default username and password. Got access to 2 d-link routers like that.

I have access to 4 wifi networks in my security complex because the fools didn't change their passwords. Even after I warned them, they still haven't changed a thing.
 
I know the author of the article.
He is right, particularly about cheapie routers. i.e. the freebies that ISPs throw in.
The vulnerability is there, especially if you can get in via Wi-Fi.
 
Articles like these need to inform users on how to remedy common, and not so common, user mistakes.

Just type in the default username and password. Got access to 2 d-link routers like that.

I have access to 4 wifi networks in my security complex because the fools didn't change their passwords. Even after I warned them, they still haven't changed a thing.

Eina... they'll be in for a rude shock. Especially if somebody did a Joe Job/CoJ job from their wifi network...
 
And grabbing the hidden passwords is also a joke if you have access to the machine.
Tips that us IT slaves like to keep to ourselves! ;)
 
And grabbing the hidden passwords is also a joke if you have access to the machine.
Tips that us IT slaves like to keep to ourselves! ;)

Yup. got into many a router using said method!
 
#yawwwwwwwwwwwwwwwwwnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn!!!!!!!!!!!!!!!v:whistle:
 
Pfft...useless hack! Hardly easy - you need to be on the same subnet as the user and then get them to run a link for CSRF. How often would a user logon to their ADSL router anyway.

If you have physical access to the device most things can be hacked.

It was a rather strange demonstration that you'd have to get the user to run a link essentially to post to the router whilst the user is logged on - hardly impressive - might as well just get them to run a keylogger and then have the legitimate password when they log into their router in the future but I guess this looks "impressive" to the general public.
 
It was a rather strange demonstration that you'd have to get the user to run a link essentially to post to the router whilst the user is logged on - hardly impressive - might as well just get them to run a keylogger and then have the legitimate password when they log into their router in the future but I guess this looks "impressive" to the general public.

Yes, and considering the type of users who'd be vulnerable to this type of attack would never be logging onto their own routers anyway.
Dumb hack. I mean, clever on the technical side, making the fake web page to post the data, but not at all practical.
 
Where a router hack becomes valuable is to do DNS changes, then you can do any man in the middle attack and get passwords for what ever from banking to social media to email. Valuable when you can get multiple credentials like bank and email - then you can OTP sent to email and read the email for OTP.
 
Where a router hack becomes valuable is to do DNS changes, then you can do any man in the middle attack and get passwords for what ever from banking to social media to email. Valuable when you can get multiple credentials like bank and email - then you can OTP sent to email and read the email for OTP.
The problem there is all the banking sites are ssl and most mail is now encrypted. You would have to do mitm attack with a fake cert but then your browser would complain.
 
The problem there is all the banking sites are ssl and most mail is now encrypted. You would have to do mitm attack with a fake cert but then your browser would complain.

Although an issue there is a way around it. Keep everything in http or get them to install a fake root CA
 
However, a lot of those attacks require physical access to the device, or that the attacker is connected to the same local network as the router.

:erm:
 
Top
Sign up to the MyBroadband newsletter
X