Attacking Routers From the Outside In

Okay, quick quiz: Let’s say that you’ve disabled Remote Administration on your router. How can an attacker gain access to the router’s administrator interface from across the internet to try to guess the password and break in?

Answer: Trick question! There’s no way to you can see the administrator interface from the internet side of the router. The administrator interface is only available on the local network if Remote Access is turned off. Right???

Real Answer: Sorry, it’s actually possible. Or so says Craig Heffner who recently gave a talk at computer security conference DEFCON 18. His approach is quite clever, taking advantage of some vulnerabilities in some firmware, as well as some fundamental flaws in some established protocols. In particular, Heffner takes advantage of CSRF vulnerabilities and a process known as DNS Rebinding.

Have a look at the video to see what it’s all about.