Change your wireless router password right now

Yesterday I was honoured to attend my first School of Computer Science Industrial Advisory Board meeting at Birmingham University. Amongst the esteemed people I was mixing with I got talking at length to Andrew Watson from Object Management Group and the man behind no2id.net - a very convincing series of arguments on why the compulsory ID card scheme tabled by the Government is both impossible and a bad idea.
We got onto the subject of security (amongst other things), and I was shocked to hear about a very worrying new threat which could affect anyone with one of the new range of wireless routers. Got one? I suggest you read on.
If you are one of the many people who have bought a wireless router (or indeed one of the wired versions) recently, you will no doubt have been given the option of changing the default administrator password when you set it up.
There are many people who ignore this, thinking it's not necessary. Suffice to say that unless you want your personal data stolen and misused I advise you to log in to your router right now and change that password to something else.
Routers come with a default user of 'admin' and a standard password, either blank or 'admin', or another easy-to-guess word.
Some smart hackers noticed this trend and have created a piece of JavaScript which allows them to gain access to all of your internet usage.
Here's how it works:
1. You visit a site that is set up by a hacker, which includes a hidden piece of JavaScript.
2. The JavaScript runs in the background when you load the page, and by default tries to access some of the common locations for your router's control panel - 192.168.0.1:80, etc.
3. When the script successfully finds a login page, it tries to log in to the router using standard factory setting usernames and passwords.
4. If it manages to get in, it then navigates to one of a standard list of locations where the DNS servers are set. These are the servers which tell the router where to 'look' for a given internet address, and translate things like 'www.steflewandowski.com' to '82.138.243.41', which is then used to send requests for web pages etc.
5. It changes whatever DNS servers you have set up by default to DNS servers owned by the hackers. Let's say, for the sake of argument, to my server - 82.138.243.41
6. From then onwards, whenever you use a web page, email program or anything else to do with the internet, the lookup for its address is first sent as a request to that DNS server (in this case mine).
7. Then comes the clever bit. A couple of weeks later, when you log onto your internet banking site using your username and password, the rogue DNS server sends you to a fake website the hackers have set up that looks identical to your bank's, and all of a sudden the hacker has your username and password. The same thing could apply to your email account or any other sensitive site.
So - right now, go to your router's control panel and change that password if you haven't done so already...
More about this security issue here.
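To check your own router for the two weaknesses described above (a factory password and DNS servers you did not choose), here is an added example that is not part of the original post. It assumes you have copied the router's settings by hand into simple key=value lines; the key names, the sample values and the 192.0.2.0/24 "ISP" range are constructed for illustration.

```python
import ipaddress

# Factory-default passwords named in the post: blank or 'admin'.
FACTORY_PASSWORDS = {"", "admin"}

# Constructed sample: settings copied by hand from a router's admin pages.
# The key names are hypothetical, not any vendor's export format.
SAMPLE_SETTINGS = """\
admin_user=admin
admin_password=admin
dns1=82.138.243.41
dns2=192.0.2.53
"""

def parse_settings(text):
    """Turn key=value lines into a dict, skipping blanks and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip().lower()] = value.strip()
    return settings

def audit(settings, expected_dns):
    """Return warnings for a factory password or unexpected DNS servers.

    expected_dns: addresses or networks you trust, e.g. your ISP's resolvers.
    """
    allowed = [ipaddress.ip_network(n, strict=False) for n in expected_dns]
    findings = []
    password = settings.get("admin_password")
    if password is not None and password.lower() in FACTORY_PASSWORDS:
        findings.append("admin password is still a factory default")
    for key in sorted(k for k in settings if k.startswith("dns")):
        try:
            addr = ipaddress.ip_address(settings[key])
        except ValueError:
            findings.append(f"{key} is not a valid IP address: {settings[key]!r}")
            continue
        if not any(addr in net for net in allowed):
            findings.append(f"{key}={addr} is not one of your expected DNS servers")
    return findings

if __name__ == "__main__":
    # 192.0.2.0/24 stands in for the ISP's resolver range (documentation block).
    for finding in audit(parse_settings(SAMPLE_SETTINGS), ["192.0.2.0/24"]):
        print("WARNING:", finding)
```

Run it again whenever you suspect something is off: a DNS entry you do not recognise is the sign that step 5 above has already happened.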