Thursday, January 24, 2008

Article in The Register:

A security researcher says he has observed criminals using a new form of attack that causes victims to visit spoofed banking pages by secretly making changes to their high-speed home routers.

Talk about a targeted attack... Thing is, broadband users don't all have the same router, so that lowers the usefulness of this attack for the big-money criminal operations, I would think, even if the attack can be carried out over the internet versus in a car across the street. Homogeneity in the digital gene pool does pay off, I think.

Seems this would be more on the level of neighborhood crime. Perhaps in the future when people are more tech savvy overall, this type of crime will make stealing radios and CDs out of cars obsolete. Meanwhile I suppose this attack could be interesting if the target of the attack is, let's say, a financial planner...

While the likelihood is probably on the low side, impact is high. But really, who cares? Changing your router password is not that tough. A near zero risk mitigation cost is a no-brainer no matter what the risk.

Although it's One More Thing the average home user has to fix. Wouldn't it be neat if manufacturers could set the router password to be unique per box or at least chosen from a reasonably sized set? DIP switches? Programmed Logic Array? A batch of different EEPROMs? If they can print unique serial numbers can't they give routers unique passwords?
