An ADSL router is also known as a DSL modem. The router is used to
connect the computer to the DSL phone line for using the ADSL
service. BSNL and MTNL rolled out many ADSL router-cum-modems during
the peak days of rising internet customers in India.
Today we will take a quick look at how an attacker can gain access to
the router and exploit its vulnerabilities. We will be using an IP
scanner and a browser.
Beginning with Scanning
Being a broadband user myself, I used my own IP as the basis for the IP
range to scan. There are many IP range scanners available over the
internet. I have used Angry IP Scanner here. We will check for the alive
IP addresses in the range.
Quickly, I checked my IP and entered a range in Angry IP Scanner.
After a few scans, I found a couple of them, as shown in the screenshot
above.
Gaining Remote Access
I just checked a few IPs to see whether remote access to the router
was available. And believe me, most of the routers had remote access
turned ON by default. A big point to be noted is that most routers
still had the default password active, a username and password
combination like admin-admin or admin-password. That means anyone with
such an IP address can easily gain access to a remote router.
Here is a screenshot of one of the hacked routers with default
password settings.
Vulnerabilities and Exploitation
Here are some of the common vulnerabilities and exploitation
techniques that can be used by an attacker.
Weak Password: An attacker can easily
compromise the router as most of them have default passwords set.
Sniffing: The attacker could specify a static
route passing through his network for the victim's router and sniff
the traffic from the victim. [SSL Strip + Ettercap + Wireshark]
Phishing (using DNS Redirection): Access to the router, as we've
seen, is easily available. The attacker could specify a fake DNS
server for the victim's router and carry out phishing attacks. The
attacker can change the ISP's DNS servers to a DNS server under his
own control, redirecting DNS lookups for phishing. This is believed
to be one of the stealthiest attacks in this kind of scenario.
Here is the picture demonstrating DNS redirection:
Conclusion
Most home routers are left in their default configuration and can be
hacked easily. The password vulnerability can be easily exploited,
which can later result in havoc for the user. A little user awareness
is required for users to keep themselves safe.
The default router password should be changed immediately.
Keep strong passwords rather than plain ones that can be
easily guessed or brute forced.
Keep monitoring your router's logs.
Some new routers have an option to disable remote access. It
is recommended to disable any such remote access doors.
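
The checks recommended above can be run against your own router's settings with a short script. This is an added example, not code from the original post: the settings layout, the audit_router name and every address (taken from documentation ranges) are assumptions constructed for illustration.

```python
import ipaddress

# Username/password pairs the article names as commonly left in place.
DEFAULT_CREDS = {("admin", "admin"), ("admin", "password")}

def audit_router(cfg, trusted_dns, approved_routes=()):
    """Return findings for one router's settings.

    cfg is a dict in an assumed layout (not any vendor's export format).
    """
    findings = []
    if (cfg.get("username"), cfg.get("password")) in DEFAULT_CREDS:
        findings.append("default-credentials")
    if cfg.get("remote_management", False):
        findings.append("remote-management-enabled")
    # DNS servers that are not the ones the ISP assigned point to redirection.
    trusted = {ipaddress.ip_address(d) for d in trusted_dns}
    for dns in cfg.get("dns_servers", []):
        try:
            if ipaddress.ip_address(dns) not in trusted:
                findings.append(f"unexpected-dns:{dns}")
        except ValueError:
            findings.append(f"malformed-dns:{dns}")
    # Home routers rarely need static routes; flag any the owner did not add.
    approved = {(ipaddress.ip_network(d), ipaddress.ip_address(g))
                for d, g in approved_routes}
    for dest, gw in cfg.get("static_routes", []):
        route = (ipaddress.ip_network(dest), ipaddress.ip_address(gw))
        if route not in approved:
            findings.append(f"unapproved-static-route:{dest}->{gw}")
    return findings

# Constructed sample data using documentation address ranges (RFC 5737).
ISP_DNS = ["192.0.2.53", "192.0.2.54"]
TAMPERED = {
    "username": "admin", "password": "admin",
    "remote_management": True,
    "dns_servers": ["203.0.113.10", "192.0.2.54"],
    "static_routes": [("0.0.0.0/0", "198.51.100.1")],
}
HARDENED = {
    "username": "admin", "password": "x7!Lq-constructed-passphrase",
    "remote_management": False,
    "dns_servers": ["192.0.2.53", "192.0.2.54"],
    "static_routes": [],
}

if __name__ == "__main__":
    for name, cfg in (("tampered", TAMPERED), ("hardened", HARDENED)):
        print(name, audit_router(cfg, ISP_DNS))
```

Fill the dict by hand from the router's admin pages, and take the trusted DNS list from what your ISP actually assigns.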