Still using the password from the back of the router? Oops!
Hackers have graduated from planting malware on the vulnerable routers supplied to consumers by various ISPs towards stealing Wi-Fi keys.
Andrew Tierney, a security researcher at UK consultancy Pen Test Partners, noticed the switch-up in tactics in attacks against its honeypot network over the weekend.
Customers of UK ISP TalkTalk are among those at the most immediate risk of having their Wi-Fi credentials stolen. The TalkTalk router firmware fix fails to solve this problem because it reverts customers back to a default password hackers might already have snatched, Pen Test Partners warns.
TalkTalk published a fix to the TR-064 / Annie issue. What this does is disable the TR-064 interface and reset the router. It resets the passwords, back to the ones written on the back of the router.
[But] nearly all customers never change their Wi-Fi key from that written on the router. So, the Annie worm and hackers have already stolen their Wi-Fi keys, and the TalkTalk fix simply resets the router, to the exact same keys that have already been stolen!
The TR-064 vulnerability means that hackers can access or alter the device's LAN configuration from the WAN side using the TR-064 protocol. “Attackers appear to have cottoned on to the fact that the TR-064 vulnerability can be used for more than just recruiting the router into a botnet,” Pen Test Partners explain.
More in the link above.