In early August, personal and sensitive information was obtained from customers of Brazil’s largest bank after their home routers were ‘hijacked’.
Victims were unlikely to have been aware of any change resulting from the attack. They selected what appeared to be the correct web page, and were redirected to a convincing fake banking page.
This technique is not new, but remains relatively unusual – and could be replicated elsewhere. The attacker exploits a router vulnerability to gain access to the victim’s router and changes its DNS configuration, so that DNS requests are redirected to a malicious server.
Victims may not even receive a warning that they are connecting to an insecure site if the actors use ‘SSL stripping’ or other techniques to overcome SSL/TLS certificate validation issues.
Home routers can sometimes be seen as ‘soft targets’, with their security being given a relatively low priority. Installing the latest router updates is recommended, as is using ad blockers to mitigate malvertising.
The best advice for home users is to deploy patches on their wireless network infrastructure such as wireless routers and wireless access points, as this will protect traffic from all devices while they are connected to that network. Wireless routers issued by major ISPs may automatically update once a patch becomes available. However, many Wi-Fi network devices (including some of those used by enterprises and small businesses) will require a manual update.
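A changed router DNS configuration often reaches clients through DHCP, so it can be checked from any device on the network. The following is an added example, not part of the original article: it audits resolv.conf-style text against a list of resolvers the owner expects. The approved addresses, the sample file and the function names are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 / IPv6 ULA / link-local: addresses a home router normally hands out.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7", "fe80::/10")]

def parse_nameservers(resolv_conf):
    """Return the nameserver addresses from resolv.conf-style text, in order."""
    servers = []
    for line in resolv_conf.splitlines():
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1].split("%", 1)[0])  # drop IPv6 zone id
    return servers

def audit_resolvers(resolv_conf, approved):
    """Return (address, reason) for every resolver that is not in `approved`."""
    approved_ips = {ipaddress.ip_address(a) for a in approved}
    findings = []
    for server in parse_nameservers(resolv_conf):
        try:
            ip = ipaddress.ip_address(server)
        except ValueError:
            findings.append((server, "not a valid IP address"))
            continue
        if ip in approved_ips:
            continue
        if ip.is_loopback:
            reason = "local stub resolver, audit its upstream servers instead"
        elif any(ip in net for net in LAN_NETS):
            reason = "unexpected LAN resolver"
        else:
            reason = "unexpected public resolver"
        findings.append((server, reason))
    return findings

# Constructed sample: the DHCP lease now lists a resolver nobody approved.
SAMPLE = """\
# generated by dhcp client (constructed example)
nameserver 192.168.1.1
nameserver 203.0.113.53   ; documentation-range address, stands in for a rogue server
"""
APPROVED = {"192.168.1.1", "9.9.9.9"}  # assumption: router LAN IP plus a chosen resolver

if __name__ == "__main__":
    for address, reason in audit_resolvers(SAMPLE, APPROVED):
        print(f"{address}: {reason}")
```

This check only sees what the client was told to use: if the router keeps answering DNS itself and forwards queries upstream to the rogue server, the router's own DNS settings have to be inspected in its admin interface.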