Router Vulnerability

**Viktor_Olin** · 07-23-10, 04:57 PM

The upcoming Black Hat security conference in Las Vegas offers an annual parade of security researchers revealing new ways to break various elements of the Internet. But few of the talks have titles quite as alarming as one on this year's schedule: "How to Hack Millions of Routers."

http://blogs.forbes.com/firewall/201...e-to-web-hack/

Apparently not a new issue. At a minimum, change the default password on your routers, folks, and make it a good one!

**WileECyte** · 07-23-10, 05:27 PM

The list the guy provided as being vulnerable is also a bit suspect. He lists DD-WRT as being vulnerable, but it's an old version, not the current one.

**Viktor_Olin** · 07-23-10, 05:32 PM

Well, my router's on the list as vulnerable. I don't plan to upgrade routers anytime soon, but I did just lengthen my router password (it wasn't the default, by the way).

**flame** · 07-23-10, 05:40 PM

if someone lived close enough to me, I might password my router

**Viktor_Olin** · 07-23-10, 08:06 PM

Originally Posted by flame

if someone lived close enough to me, I might password my router

Read the article, flame. The vulnerability is from web browsing, not wardriving or your neighbor's wireless adapter. It has nothing to do with potential wireless vulnerabilities.

**BrokenApe** · 07-23-10, 08:15 PM

I would think up to date firmware for the router would help as well in many of these circumstances? At least the latest update I d/l for mine said it included "security updates"

**Viktor_Olin** · 07-23-10, 08:29 PM

My router's latest firmware update is five years old. I may have to consider a more secure, open source firmware upgrade.

However, now that I study the chart of tested routers, and after confirming the firmware version on my router, I see that the tested firmware was an older version than mine. So, perhaps I'm safe after all.

(Sleeps soundly due to the illusion of security).

**flame** · 07-23-10, 09:05 PM

I have a dlink, showed not vulnerable. and I changed the actual router pw to ****** wouldnt want to give away my secret
but as far as pw to access it, never used one. and more than a few companies set the pw to their phone number, used that trick to hop on a few times