New hack exploiting router vulnerabilities discovered in Brazil

A new hacking technique was spotted in Brazil, using vulnerabilities in the user's home router to divert the victim to a fake site and steal his personal data.

The technique, first spotted by the security firm Proofpoint, exploits security flaws in home routers in order to get to the admin console. Then, the hackers change the routers' DNS (Domain Name System) settings, and thus can divert the unsuspecting victim to a fake site even if he types the right name in the browser.

This type of attack is known as pharming.

Pharming is not an easy task, though, as it normally requires access to an ISP's or an organisation's DNS servers. Those DNS systems are typically well protected; home routers are not.

"Attackers use poisoned DNS servers to redirect address requests, usually for online banking sites, to a realistic but completely fraudulent site in order to harvest the online banking credentials of the unsuspecting end-user," Proofpoint writes.

"Pharming is generally a passive attack technique, in that it requires waiting for a DNS lookup from a potential victim to be routed to the poisoned server."

This type of attack means not only that the hacker can divert the victim to a fake site even if he types the address correctly, but also that the hacker can perform man-in-the-middle attacks.

Such types of attacks mean the hacker can intercept emails, logins and passwords for websites, and hijack search results.

Over the course of four weeks, from December 2014 to mid-January 2015, Proofpoint researchers detected four distinct URLs distributed in a relatively narrow campaign of fewer than 100 email messages sent to a small number of organisations and targeting primarily Brazilian users.

The attacks were aimed at customers who owned UTStarcom or TP-Link home routers.
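
A defender-side check for the router DNS change described above, as an added example that is not from Proofpoint or this article: it flags resolvers handed to a client that are not on an expected list, and domains whose answers via the router share no address with a trusted reference. All addresses, domains and the expected-resolver list are constructed sample values.

```python
import ipaddress

# Constructed sample data (not from the Proofpoint report).
RESOLV_CONF = """\
# generated by DHCP client
nameserver 192.168.1.1
nameserver 203.0.113.66
"""
EXPECTED_RESOLVERS = {"192.168.1.1", "198.51.100.53"}  # assumed: router LAN IP, ISP resolver

# Answers seen through the router vs. through a trusted reference path.
LOCAL_ANSWERS = {
    "bank.example": {"203.0.113.80"},
    "mail.example": {"198.51.100.25"},
}
REFERENCE_ANSWERS = {
    "bank.example": {"198.51.100.10", "198.51.100.11"},
    "mail.example": {"198.51.100.25", "198.51.100.26"},
}

def parse_nameservers(text):
    """Return the nameserver addresses from resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                servers.append(str(ipaddress.ip_address(fields[1])))
            except ValueError:
                continue  # ignore malformed addresses
    return servers

def unexpected_resolvers(text, expected):
    """Resolvers handed to the client that are not on the expected list."""
    return [s for s in parse_nameservers(text) if s not in expected]

def divergent_domains(local, reference):
    """Domains whose local answers share no address with the reference."""
    return sorted(d for d, ips in local.items()
                  if d in reference and not (ips & reference[d]))

if __name__ == "__main__":
    print("unexpected resolvers:", unexpected_resolvers(RESOLV_CONF, EXPECTED_RESOLVERS))
    print("divergent domains:", divergent_domains(LOCAL_ANSWERS, REFERENCE_ANSWERS))
```

The answer comparison matters because a client often lists only the router's own LAN address as its resolver, so a changed upstream DNS setting on the router does not show up in the client's configuration. Disjoint answers can also come from CDNs or geo-based DNS, so a hit is a lead to investigate rather than proof of tampering.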

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years' experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. His work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.