Last summer I was trying to impress my neighbors, betting that I could hack into their router. After hearing for a few minutes that the mere notion was probably one of the geekiest things they had heard, I proceeded to show them (with their permission of course).
Because they had a wireless router, I was able to connect to their unsecured WiFi network with very little difficulty, and then I took a guess that they probably had a Linksys or D-Link router. Guessing at the Linksys model first, I went to the Linksys website and read the installation instructions to get the management URL and default username and password. Within about 5 minutes I was in and secured the WiFi with my own password that I did not tell them. Now I was in and they were out.
I would not consider myself a skilled hacker by any means, which makes this “Drive-By Pharming” report by the University of Indiana entirely plausible to me, and probably overdue. The study showed that by using client-side scripting in a web page, it is programmatically possible to do what I had done to hack into my neighbors’ router, and more.
This new type of scam doesn’t only affect wireless routers either; a router connected by cable that still uses the default settings is just as susceptible. When a surfer simply visits a web page that hosts the malicious scripts, the scripts can execute, possibly without the surfer being aware, and change the DNS settings in the router to divert traffic to a different, and possibly fraudulent, web site. The fraudulent site could be made to look like a legitimate site and appear under the exact same domain, tricking the user into entering private information such as account numbers or passwords.
The best way to protect against this type of router hack is to change the username and/or password on your home router to something other than the default. The potential hacking script would not try to guess your password, but would only prey on the many routers that were set up and left at the default factory settings.
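A defender-side check for the DNS change described above, as an added example that is not part of the original post: it reads resolv.conf-style text and flags DNS servers the owner never configured. The function names, the LAN range and the sample addresses (taken from documentation ranges) are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample of what a client might hold after the router's DNS was altered.
SAMPLE_RESOLV_CONF = """\
# constructed sample, not real data
nameserver 192.168.1.1
nameserver 203.0.113.66   # not a resolver the owner configured
nameserver 198.51.100.10
"""

def parse_nameservers(resolv_conf):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in resolv_conf.splitlines():
        parts = line.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def audit_resolvers(servers, expected, lan="192.168.1.0/24"):
    """Label each resolver 'expected', 'local-forwarder', 'unexpected' or 'invalid'."""
    expected_set = {ipaddress.ip_address(e) for e in expected}
    lan_net = ipaddress.ip_network(lan)
    report = {}
    for server in servers:
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            report[server] = "invalid"
            continue
        if addr in expected_set:
            report[server] = "expected"
        elif addr in lan_net:
            # The router forwards queries itself; its upstream DNS servers are
            # only visible on the router's own status page.
            report[server] = "local-forwarder"
        else:
            report[server] = "unexpected"
    return report

if __name__ == "__main__":
    found = parse_nameservers(SAMPLE_RESOLV_CONF)
    # Assumed: the resolvers the owner expects to be in use.
    for server, verdict in audit_resolvers(found, ["198.51.100.10", "198.51.100.11"]).items():
        print(f"{server:16} {verdict}")
```

A `local-forwarder` result is inconclusive on its own: the client only sees the router, so the upstream DNS servers still have to be compared against the expected ones on the router's admin page.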