An anonymous reader writes "2Wire manufactures DSL modems and routers for AT&T and other major carriers. Their devices suffer from a DNS redirection vulnerability that can be used as part of a variety of attacks, including phishing, identity theft, and denial of service. This exploit was publicly reported more than eight months ago and applies to nearly all 2Wire firmware revisions. Refer to http://www.securityfocus.com/bid/27246
The exploit itself is trivial to implement, requiring the attacker only to embed a specially-crafted URL into a website or email. User interaction is not required, as the URL may be embedded as an image that loads automatically with the email or web page.
AT&T has been deploying 2Wire DSL modems and router/gateways for years, so there exists a large vulnerable installed base. So far, AT&T/2Wire have yet to do anything about this exploit."
There are workarounds available (Score:1)
Since all the "exploits" seem to be based on the same principle of making the user click/visit a link that points to a certain router management action page - this is fairly easy to defeat by making sure that the malicious URLs point to invalid addresses. All you need to do is change your router IP from its default and "break" its default hostnames (gateway.2wire.net and home) in the hosts file. Detailed workaround steps: http://oleksiygayda.blogspot.com/2008/04/how-to-protect-your-2wire-router-from.html
AT&T gateways not fixed (Score:1)
Contrary to what AT&T spokesman Seth Bloom said, they do not have fixes available. I use one of their gateways I received from them, new, last week. A 2Wire 1701HG-B and it is open to these exploits (I tested it). Using its internal firmware update mechanism, it says no updates are available. Checking AT&T's support site, no firmware downloads are available, nothing on 2Wire's site as well. One person in a Beta for AT&T has said (over on dslreports 2Wire forum) he is testing a fix for another
Re: (Score:1)
It's all PR, directed at the non-computer-literate customers that make up the majority of the customer base. They will read it, and go "oh ok, it's fixed, yay AT&T" and will never know why their PayPal credentials got stolen if the website they visited looked exactly like the original and even said www.paypal.com in the URL. It's us geeks that will know that the vulnerability is still there and a DNS record for any site can still be spoofed to make any domain go to any phishing site... but now AT&T
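A way to check the hosts-file half of the workaround described in the comments above, as an added example that is not part of the original thread or the linked write-up: it parses a hosts file and reports whether the two default hostnames named there (gateway.2wire.net and home) are overridden. Treating loopback or 0.0.0.0 as the "invalid address" is an assumption, and the sample file is constructed; the router-IP change is not checked here.

```python
import ipaddress
import sys

# Hostnames named in the workaround comment.
ROUTER_NAMES = ("gateway.2wire.net", "home")

def parse_hosts(text):
    """Return {hostname: first address mapped to it}; the first entry wins."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank or address-only line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed address, ignore line
        for name in fields[1:]:                  # a line may carry several aliases
            mapping.setdefault(name.lower().rstrip("."), addr)
    return mapping

def audit(text, names=ROUTER_NAMES):
    """Classify each name as 'missing', 'sinkholed' or 'resolves:<ip>'."""
    mapping = parse_hosts(text)
    report = {}
    for name in names:
        addr = mapping.get(name.lower())
        if addr is None:
            report[name] = "missing"             # name still resolves via DNS
        elif addr.is_loopback or addr.is_unspecified:
            report[name] = "sinkholed"           # assumed policy for "invalid"
        else:
            report[name] = f"resolves:{addr}"    # override exists but is reachable
    return report

# Constructed sample hosts file: one name overridden, one still on a LAN address.
SAMPLE = """\
127.0.0.1      localhost
0.0.0.0        gateway.2wire.net   # workaround entry
192.168.1.254  HOME                # constructed address
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for name, status in audit(text).items():
        print(f"{name}: {status}")
```

Run it with the path to the system hosts file as the only argument; with no argument it audits the constructed sample.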