What is the most common threat across cyberspace these days? It’s still phishing — there’s nothing new under the sun. But today’s router-based phishing doesn’t require you to fall for a hoax e-mail message. In fact, you can follow a whole bunch of standard rules — avoid using public Wi-Fi, hover over links before clicking, and so forth — but in the situation we discuss here, those rules won’t help. Let’s take a closer look at phishing schemes that involve hijacked routers.
How routers end up being hijacked?
In general, there are two basic ways to hijack a router. The first approach is to take advantage of default credentials. You see, every router has an administrator password — not the one you use to connect to your Wi-Fi, the one you use to log in to the router’s administrator panel and to change its settings.
Although users can change the password, most leave it unchanged. And when we keep the default password set by a router’s manufacturer, outsiders can guess — or sometimes even Google — it.
Here's an instruction manual
The second approach is to exploit a vulnerability in a router’s firmware (of which there is no shortage) that allows a hacker to take control of the router without any password at all.
Either way, criminals can do their thing remotely, automatically, and on a massive scale. Hijacked routers can provide diverse benefits, but the one we’re going to focus on here is phishing that is extremely hard to spot.:yawn:
How routers end up being hijacked?
In general, there are two basic ways to hijack a router. The first approach is to take advantage of default credentials. You see, every router has an administrator password — not the one you use to connect to your Wi-Fi, the one you use to log in to the router’s administrator panel and to change its settings.
Although users can change the password, most leave it unchanged. And when we keep the default password set by a router’s manufacturer, outsiders can guess — or sometimes even Google — it.
Here's an instruction manual
The second approach is to exploit a vulnerability in a router’s firmware (of which there is no shortage) that allows a hacker to take control of the router without any password at all.
Either way, criminals can do their thing remotely, automatically, and on a massive scale. Hijacked routers can provide diverse benefits, but the one we’re going to focus on here is phishing that is extremely hard to spot.:yawn:
Aucun commentaire:
Enregistrer un commentaire