
How to Hack Millions of Routers

More Good News: most home routers, like the one you're using right now, are "easily hackable". A researcher named Craig Heffner from the security consultancy company Seismic says about half the existing models of home routers are vulnerable to hackers. This includes most Linksys, Dell, and Verizon FiOS or DSL routers, plus others. The technique to infiltrate and take over routers like the ones mentioned has been known about since at least 1995, but as Heffner puts it, "It just hasn't been put together like this before."

Heffner plans to release a software tool at the Black Hat conference later this month that exploits the routers through a technique known as "DNS rebinding". It works in part because a website can be made accessible through multiple IP addresses. This flexibility was designed to let sites balance traffic among multiple servers or provide backup options.

Heffner's trick is to create a site that lists a visitor's own IP address as one of those options. When a visitor comes to the booby-trapped site, a malicious script runs that switches to its alternate IP address (which is actually the user's own IP address) and then connects to the visitor's home network. This allows hijacking the user's browser and generally also permits access to their router settings.
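A defender's view of the trick described above, as an added example that is not from the original post or from Heffner's tool: a resolver-side check that drops answers pointing an Internet name at the client's own public address or at internal ranges. The function names, hostnames, local zone names and addresses (documentation ranges) are assumptions constructed for illustration.

```python
import ipaddress

# Ranges an Internet-facing name has no business resolving to.
INTERNAL_NETS = {
    "loopback": ["127.0.0.0/8", "::1/128"],
    "private": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7"],
    "link-local": ["169.254.0.0/16", "fe80::/10"],
    "unspecified": ["0.0.0.0/8", "::/128"],
}
INTERNAL = [(lbl, ipaddress.ip_network(n)) for lbl, nets in INTERNAL_NETS.items() for n in nets]

def classify(raw, client_wan_ip):
    """Return a reason string if this answer should be dropped, else None."""
    ip = ipaddress.ip_address(raw)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:192.168.1.1 is still 192.168.1.1
    if ip == ipaddress.ip_address(client_wan_ip):
        return "client's own public address"  # the case the article describes
    for label, net in INTERNAL:
        if ip.version == net.version and ip in net:
            return label
    return None

def filter_answers(qname, answers, client_wan_ip, local_zones=("lan", "home.arpa")):
    """Split one query's A/AAAA answers into (kept, dropped-with-reason)."""
    name = qname.rstrip(".").lower()
    if any(name == z or name.endswith("." + z) for z in local_zones):
        return list(answers), []  # the LAN's own names may point inward
    kept, dropped = [], []
    for raw in answers:
        reason = classify(raw, client_wan_ip)
        if reason:
            dropped.append((raw, reason))
        else:
            kept.append(raw)
    return kept, dropped

# Constructed sample data: hypothetical names, documentation address ranges.
CLIENT_WAN = "203.0.113.25"
SAMPLES = {
    "www.example.com": ["198.51.100.7", "198.51.100.8"],     # ordinary load balancing
    "rebind.example.net": ["198.51.100.7", "203.0.113.25"],  # second record is the visitor
    "mixed.example.net": ["198.51.100.7", "192.168.1.1", "::ffff:10.0.0.1"],
    "printer.lan": ["192.168.1.40"],
}

if __name__ == "__main__":
    for name, answers in SAMPLES.items():
        print(name, filter_answers(name, answers, CLIENT_WAN))
```

The check on the client's own public address is what separates this from a filter that only looks for private ranges, since the alternate record described above is the visitor's public IP.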

To help guard against this exploit, users should check to make sure that their router's firmware is updated and patched, and never, Never, NEVER use the default security settings. Change your password and make it a random mix of numbers and letters, at least ten characters long.

So, what routers are affected? Here's a partial list:

Google Spreadsheet Listing

| Vendor | Model | H/W Version | F/W Version | Hackable? |
|---|---|---|---|---|
| ActionTec | MI424-WR | Rev. C | | YES |
| ActionTec | MI424-WR | Rev. D | | YES |
| ActionTec | GT704-WG | N/A | | YES |
| ActionTec | GT701-WG | E | | YES |
| Asus | WL-520gU | N/A | N/A | YES |
| Belkin | F5D7230-4 | 2000 | 4.05.03 | YES |
| Belkin | F5D7230-4 | 6000 | N/A | NO |
| Belkin | F5D7234-4 | N/A | 5.00.12 | NO |
| Belkin | F5D8233-4v3 | 3000 | 3.01.10 | NO |
| Belkin | F5D6231-4 | 1 | 2.00.002 | NO |
| D-Link | DI-524 | C1 | 3.23 | NO |
| D-Link | DI-624 | N/A | 2.50DDM | NO |
| D-Link | DIR-628 | A2 | 1.22NA | NO |
| D-Link | DIR-320 | A1 | 1 | NO |
| D-Link | DIR-655 | A1 | 1.30EA | NO |
| Dell | TrueMobile 2300 | N/A | | YES |
| Linksys | BEFW11S4 | 1 | 1.37.2 | YES |
| Linksys | BEFSR41 | 4.3 | 2.00.02 | YES |
| Linksys | WRT54G3G-ST | N/A | N/A | YES |
| Linksys | WRT54G2 | N/A | N/A | NO |
| Linksys | WRT160N | 1.1 | 1.02.2 | YES |
| Linksys | WRT54G | 3 | 3.03.9 | YES |
| Linksys | WRT54G | 5 | 1.00.4 | NO |
| Linksys | WRT54GL | N/A | N/A | YES |
| Netgear | WGR614 | 9 | N/A | NO |
| Netgear | WNR834B | 2 | 2.1.13_2.1.13NA | NO |
| OpenWRT | N/A | N/A | Kamikaze r16206 | YES |
| PFSense | N/A | N/A | 1.2.3-RC3 | YES |
| Thomson | ST585 | 6sl | | YES |