Watch: Hacking an ADSL router is this easy
The majority of Internet users rely on an average home ADSL router for their broadband connection. Despite being the gatekeepers to your network, these ADSL routers can be easily hacked. This is because ADSL routers are low-cost consumer devices manufactured on assembly lines somewhere in China without much investment in security, security patches or updates.
SensePost CTO Dominic White says that home ADSL routers can be hacked in many ways because of this. He demonstrated this by running a “drive-by attack” on a router running DD-WRT third-party firmware. Similar attacks are possible against other router software, and several other types of attacks against home ADSL routers can also be executed.
“There was a competition at Defcon last year [2014] called SOHOpelessly Broken, focusing on attacks on these things,” said White.
White said that some of these attacks may require physical access to the device, or require the attacker to be connected to the same local network as the router. White demonstrated a type of attack that doesn’t require either of those connections: a cross-site request forgery (CSRF).
This attack exploits the fact that users might log into their router to check or change something and then not log out. Some router firmware doesn’t even offer the option to log out. To exploit this, a cyber criminal may set up an attack website, or have the HTML needed to execute the attack delivered over an advertising network that may not scrutinise the content of the ads it serves.
In this way, an attacker could change the username and password of routers that don’t have protection against CSRF attacks. If login to the router was previously restricted to the local network, an attacker could also make it accessible from the Internet.
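The CSRF protection that such routers lack can be sketched as a server-side check. This is an added example, not code from the article, DD-WRT or SensePost; the function names, the header and form dictionaries, the `csrf_token` field and the router address are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Hypothetical per-boot secret held by the router's admin web server.
SERVER_KEY = secrets.token_bytes(32)
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def issue_csrf_token(session_id: str) -> str:
    """Token bound to one login session; embedded in every admin form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(headers: dict) -> bool:
    """True only if Origin (or Referer) names the host the request was sent to."""
    source = headers.get("Origin") or headers.get("Referer")
    host = headers.get("Host", "").lower()
    if not source or not host:
        return False  # fail closed: no provenance, no settings change
    return urlsplit(source).netloc.lower() == host


def allow_request(method: str, headers: dict, session_id: str, form: dict) -> bool:
    """Decide whether the admin UI should act on this request."""
    if method.upper() not in STATE_CHANGING:
        return True  # reads are allowed; settings must never change on GET
    if not same_origin(headers):
        return False  # request was triggered by a page on another site
    sent = form.get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    return hmac.compare_digest(sent.encode(), expected.encode())


# Constructed sample requests: the admin is still logged in to 192.168.1.1.
SESSION = "constructed-session-id"
FORGED = ("POST", {"Host": "192.168.1.1", "Origin": "http://ads.example"},
          SESSION, {"new_password": "x"})
LEGIT = ("POST", {"Host": "192.168.1.1", "Origin": "http://192.168.1.1"},
         SESSION, {"new_password": "x", "csrf_token": issue_csrf_token(SESSION)})

if __name__ == "__main__":
    print("forged cross-site POST allowed:", allow_request(*FORGED))
    print("same-origin POST with token allowed:", allow_request(*LEGIT))
```

The browser still attaches the logged-in session to the forged request, which is why the check relies on the request's origin and a token the attacking page cannot read, not on the session alone.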
You have to have access to the admin user’s computer to do this, apparently. Most admins aren’t stupid like you are suggesting.
No you don’t, many people have publicly broadcasting routers – either because they have certain services set up or they have unknowingly broadcast their router. Use something like Aggressive IP Scanner and you will find tons of them.
It’s actually even easier than what this guy is showing: if you use Chrome, on a lot of routers, you can just use developer tools (F12) and it will show you the value it’s looking for for the username and password.
So lame… a hack which depends on the user loading a web page before the hacker can do anything…
How to hack WiFi on an Android mobile even if we don’t know his user name and password?