Monday, February 3, 2014

Better check if your router is leaky. He did not work and ... - Gazeta.pl

In mid-January, reports emerged online of a new hole detected in the software of a number of routers. The list of models includes, among others, “TD-W8901G”, “TD-8816”, “TD-W8951ND”, “TD-W8961ND”, “D-Link DSL-2640R”, “ADSL Modem”, “AirLive WT-2000ARM”, “Pentagram Cerberus P 6331-42” and “ZTE ZXV10 W300” (sold by Orange and T-Mobile). Without any authentication, you can reach the page that generates a backup of the device configuration, and the backup file can be decoded to steal the password.

How might it end? The answer to this question is a dramatic story described by the portal Niebezpiecznik.pl:

On January 15, nearly 16,000 zł disappeared from my account. The transfer was made to an mBank account belonging to a real person (as the bank confirmed [to me]), but it was immediately transferred on to other account numbers (of people who, as it turned out, were also victims). The whole procedure was, as I can say after the fact, the replacement of the DNS servers on the router (an AirLive WT-2000ARM vulnerable to the attack). This was confirmed when, for the second time, two days ago, something disturbing again appeared on the mBank page. I could not run the new version of the bank. The whole time it redirected me to the old version, which struck me as odd, and in addition there was no certificate, and the bank address looked like this: ssl-.www.mbank.com.pl

As is well known, an Internet bank transfer requires an SMS code. How, then, did the theft happen? More on this in a moment.

Let us explain how the router was attacked. First, hackers look for models susceptible to the attack (they do it, for example, by querying a specific page). The device has to have remote login enabled.

Sometimes the router does not even need to be broken into (the user has not changed the default password). Otherwise, the backup file has to be stolen from the device and the password it contains decoded. Once they have access, the hackers change the DNS server addresses.

What is DNS? It is a special node that translates the address of a page into an IP address. Changing it is enough to take us to a fake banking site without our being able to notice anything.

Hackers will try to make their site look like the original, all the more so because an effective theft requires one more step.

As I mentioned earlier, without the password sent by SMS the criminals could not have stolen 16 thousand zł from the account. In the screenshot below you can see, however, that they showed exceptional impudence: they convinced the victim that, due to the merger of the mBank and Multibank brands, the account number had to be confirmed. And for this it was necessary to retype the received code (so that the bank could be sure that “we” are “we”).

[Screenshot. Fig. Niebezpiecznik.pl]

In fact, however, the hackers used the password given to them by the victim to make a transfer of 16 thousand zł. To complicate the investigation, they sent the money to people who had also become their victims. The mechanism of this operation is called “man in the middle”.


When the victim entered the login and password on the substituted site controlled by the attackers, the attacker “reflected” the same data at the same time to the official mBank site. Thanks to this, the definition of “trusted customers”, although carried out on the substituted site, actually took place on the real client account.

– explains Niebezpiecznik.pl

You probably think that if you react immediately to a theft, the hackers can be tracked down quickly? Unfortunately, the portal dispels these hopes:

According to our reader's account, the criminals needed a few hours to transfer the funds out of his account. mBank, after the customer submitted a complaint, replied that, to quote the reader, its “hands are tied until the police and the prosecution present their position, and it can take anywhere from 3 to 12 months. The complaint shall be suspended pending the decision of the prosecutor’s office.”

The most effective way to avoid such problems is to secure our network. The first step may be to use the free tool provided by Orange. At cert.orange.pl/modemscan we can find out whether our router is “visible from the outside”, that is, whether it is possible to log on to it. If so, hackers have us in plain sight.


If you want to check whether your modem is vulnerable to the recently published attack that allows cyber-criminals to take control of it, test it using our tool. It checks whether the configuration of the device is resistant to the described vulnerability that allows remote access from the Internet, as well as whether your modem is protected by a different password.

– we read on the Orange site.

Secondly, it is worth checking the DNS addresses entered in the router: they must be well known and trusted. I have long used Google's addresses 8.8.8.8 and 8.8.4.4, but you can choose your own. Such a “fixed” DNS setting protects us from the attack. Or at least it makes life much harder for hackers and prevents theft using the Internet alone. Up-to-date software will also be useful. One of the readers of the Niebezpiecznik portal was protected from theft by the Chrome browser, which alerted him to problems with SSL. You can also use the detailed guidance.
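The DNS check described above can be run against the resolver list on a computer. The following is an added example, not part of the original article: the function name, the verdict labels and the sample file are assumptions, and the allowlist holds only the two Google addresses named in the text.

```python
import ipaddress

# Allowlist from the article (Google Public DNS); add your ISP's resolvers if you use them.
TRUSTED = {"8.8.8.8", "8.8.4.4"}
# Local ranges: the query is handed to the router or a local stub, not sent out directly.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def audit_resolvers(resolv_conf_text, trusted=TRUSTED):
    """Return (address, verdict) for every 'nameserver' line of resolv.conf-style text.

    'trusted'   on the allowlist
    'forwarded' local address: the DNS set inside the router still has to be checked
    'untrusted' public address that is not on the allowlist
    'invalid'   not an IP address
    """
    trusted_ips = {ipaddress.ip_address(t) for t in trusted}
    results = []
    for raw in resolv_conf_text.splitlines():
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            ip = ipaddress.ip_address(fields[1].split("%", 1)[0])  # drop IPv6 zone id
        except ValueError:
            results.append((fields[1], "invalid"))
            continue
        if ip in trusted_ips:
            verdict = "trusted"
        elif any(ip in net for net in LOCAL_NETS):
            verdict = "forwarded"
        else:
            verdict = "untrusted"
        results.append((str(ip), verdict))
    return results

# Constructed sample; 203.0.113.53 is a documentation address standing in for an unknown resolver.
SAMPLE = """\
# pushed by DHCP from the home router
nameserver 192.168.1.1
nameserver 8.8.8.8
nameserver 203.0.113.53   ; unexpected entry
"""

if __name__ == "__main__":
    for address, verdict in audit_resolvers(SAMPLE):
        print(f"{address:15} {verdict}")
```

A “forwarded” verdict is the case from the story: the computer only sees the router's address, so the DNS servers entered in the router's own administration panel have to be compared with the trusted list as well.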

The theft described above is proof that even in Poland there are highly specialized groups of hackers able to attack any of us. Online theft can unfortunately affect almost everyone.
