Millions of Home Routers Vulnerable to Hackers

At the Black Hat conference in Las Vegas this month, a group of highly accomplished hackers-turned-security researchers will converge to show off their latest discoveries and to share their findings with the development community. Among them will be Craig Heffner, who plans to unveil a flaw in consumer routers that could expose ‘millions’ of home networks to hackers.

“The sleight of hand discovered by Heffner involves establishing an attack site which runs malicious script that means a visitor's own IP address is presented as one of the site's alternative IP addresses, thereby granting a trusted status to a malign site. Modern browsers are designed to block earlier types of such attacks but not with this particular scenario, for reasons Heffner is due to explain at Black Hat.”

Present in a variety of router models by companies such as Linksys, Belkin and Dell, the flaw is a vulnerability to a classic hacking technique called DNS rebinding, in which hackers use malicious code to “trick” a device into controlling it. While Heffner’s discussion will hopefully include preventative measures for the manufacturers of these routers, there is currently a list of vulnerable kits and sensible workarounds to address this flaw at