Seismic's Craig Heffner claims that he got a tool that can hack "millions" of gateways using a new spin on the age old DNS rebinding vulnerability, and plans to release it into the wild at the Black Hat 2010 conference next week.
He has already tested his hack on thirty different models, of which more than half were vulnerable, including two versions of the ubiquitous Linksys WRT54G and devices running certain DD-WRT and OpenWRT Linux-based firmware. To combat the hack, the usual precautions apply for the love of Mitnick, change your default password but Heffner believes the only real fix will come by prodding manufacturers into action.
Read more on "Researcher will enable hackers to take over millions of home routers"!
He has already tested his hack on thirty different models, of which more than half were vulnerable, including two versions of the ubiquitous Linksys WRT54G and devices running certain DD-WRT and OpenWRT Linux-based firmware. To combat the hack, the usual precautions apply for the love of Mitnick, change your default password but Heffner believes the only real fix will come by prodding manufacturers into action.