Hackers Hone In on Home Routers Through Brazilian Newspaper

September 24, 2014 @ 5:00 AM
| |
2 min read

It’s difficult enough for traditional media such as newspapers to attract and keep readers, but the next time Política Estadão tries to boost its circulation, it may face uncomfortable questions about how it will protect its subscribers’ home routers from hackers.

According to a blog post from Fioravante Souza, a researcher with website security firm Sucuri, visitors to the Brazilian newspaper’s website were recently confronted with a series of iFrames that were loaded on the home page. These iFrames would then run a script that would attempt to identify users’ IP addresses, then guess the most common default passwords to change the configurations of their DSL home router.

Attacks on Home Routers Not Uncommon

This incident with Política Estadão is not the first of its kind. In fact, on Sept. 2, Fabio Assolini, senior security researcher for Kaspersky Labs, provided a detailed report on a similar series of attacks. In this case, hackers used emails that tricked consumers into clicking on a link that took them to websites resembling those of Brazilian banks. The sites ran scripts that attempted to change Domain Name System home router settings and access financial credentials. Assolini wrote that he expects this approach to spread quickly in Brazil as the number of victims increases.

An analysis of the Política Estadão attack on ThreatPost points out that iFrames are by no means a new form of attack vector and that home routers in particular are often targeted due to perceived weak security settings. For example, these devices may not be patched as often as similar equipment in the enterprise. What’s worse, the increasing number of devices that may be accessing the Internet to provide more advanced services in so-called “smart homes” might only serve to exacerbate the problem. The MIT Technology Review recently looked at the vulnerabilities around IP-connected TVs, printers and remote storage devices, among other possibilities.

Security Practices Vital

Fortunately, consumers don’t have to do much to avoid the most dire consequences of these attacks. While eWEEK showed research as far back as 2008 that home routers could be open to hackers, the potential fixes include developing passwords stronger than simply “admin,” disabling JavaScript and/or play options in browser settings and, of course, never clicking on suspicious links in emails or on websites. Script blockers such as NoScript and NotScripts may also be worth considering.

Who’s Worried About Home Network Security?

Given how much corporate work gets done at home, it may be time for chief security officers to ensure employees are well-educated on these types of security practices. Organizations such as Política Estadão could also take on a security-based mission as an act of public-service journalism. After all, people expect to get bad news in the newspaper sometimes, but no one wants to end up being part of this kind of story.

Image source: Wikimedia Commons

Shane Schick
Writer & Editor
Shane Schick is a contributor for SecurityIntelligence.