Drive-By Pharming

Just when you thought Internet security couldn’t get any worse, a new hacking technique has come along that’s about as scary as it gets: Drive-By Pharming (DBP). DBP occurs “when attackers create a Web page or e-mail that, when simply viewed, results in substantive configuration changes to a home broadband router or wireless access point”. In simple English, this means that there are hackers out there who have written code that can change the settings on your home router when you simply view an “infected” web page or HTML email.

This is scary for two reasons:

1) All you need to do is view a web page or HTML email. You don’t have to click on anything or download any type of file from an infected site – just viewing the page is enough to cause an attack.

2) The hack changes the DNS server configuration on your router. DNS servers are computers that your ISP uses to convert human-readable web addresses (such as bankofamerica.com) into the numerical IP addresses that computers on the Internet use to communicate with each other (such as 64.192.54.198). A hacker could set up a web server with a bunch of fake (but authentic-looking) sites for banks and other financial institutions, then set up a DNS server that points to these fake sites. He could then set up a website or send out an email containing malicious code that changes your DNS settings to use his DNS server instead of your ISP’s server. What makes this so scary is that the change would be invisible to you. Once infected, you could open a web browser and type “bankofamerica.com” into the address bar, and since your computer relies on DNS to connect to any website, it accepts whatever the DNS server tells it… so there wouldn’t be any way for you to know that you’re going to a fake website!

Thankfully, most DBP exploits are easy to guard against simply by changing the password on your router. As many as 50% of home users (and a smaller, but still substantial, number of business users) never change the default password of their routers. Hackers know this, and they also know what those default passwords are… so hacking into millions of routers is a piece of cake. By changing the default password to something else – anything else – you can stop these attacks from happening to you!
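Because a changed DNS setting is invisible in the browser, it helps to check which resolvers a computer has actually been handed. The following is an added example, not part of the original post: it audits resolv.conf-format text (as found in /etc/resolv.conf on Linux and macOS) against a list of resolvers you expect. The sample file, the `EXPECTED_RESOLVERS` set and the function names are assumptions made for illustration, and the public addresses come from documentation ranges.

```python
import ipaddress

# Constructed sample in resolv.conf format; public addresses are documentation ranges.
SAMPLE_RESOLV_CONF = """\
# constructed sample
search home.example
nameserver 192.168.1.1
nameserver 203.0.113.53
nameserver 198.51.100.7   # not one we configured
"""

# Assumption: the resolver addresses you or your ISP actually configured.
EXPECTED_RESOLVERS = {"203.0.113.53"}

# Ranges that mean "my router or a local stub is answering", listed explicitly
# because ipaddress.is_private also covers the documentation ranges used above.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]


def parse_nameservers(text):
    """Return the nameserver addresses listed in resolv.conf-format text."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def audit_resolvers(text, expected):
    """Classify each configured resolver as expected, local-forwarder, unexpected or invalid."""
    report = {}
    for server in parse_nameservers(text):
        try:
            addr = ipaddress.ip_address(server.split("%", 1)[0])  # drop IPv6 zone id
        except ValueError:
            report[server] = "invalid"
            continue
        if str(addr) in expected:
            report[server] = "expected"
        elif any(addr in net for net in LOCAL_NETS):
            # The router forwards queries; its upstream DNS setting can only be
            # confirmed on the router's own admin page.
            report[server] = "local-forwarder"
        else:
            report[server] = "unexpected"
    return report


if __name__ == "__main__":
    for server, verdict in audit_resolvers(SAMPLE_RESOLV_CONF, EXPECTED_RESOLVERS).items():
        print(f"{server:16} {verdict}")
```

An "unexpected" entry means the machine was given a DNS server nobody chose; a "local-forwarder" entry means the router's own DNS setting still has to be checked on its admin page.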

Read more about it here.
