Defends against CSRF and avoids hijacking of household DSL routers

It was originally considered to be only a well-known attack Method Targeting websites. It can also be found to be applied to consumer-level network devices. NathanHamiel, founder of HexagonSecurityGroup, found that Cross-SiteRequestForgery (CSRF, Cross-Site Request Forgery) is also available on most domestic DSL routers.
CSRF is not a new technology. As early as 1988, normhard discovered an application trust problem called confuseddeputy )". Both CSRF and click hijacking are examples of "obfuscation of agents" attacks, which are mainly targeted at Web browsers.

What is CSRF?

Currently, the most popular CSRF attacks are caused by the injection of malicious code or connections on the webpage. When the victim's browser executes malicious code or the victim clicks the connection, attackers can access network applications that are authenticated by victims. If the victim uses a multi-window browser, the attacker can control the Web application in any window of the browser as the victim.

In reality, such attacks are often used by attackers to intrude into and control the victim's Web-based email account. The following is an example of obtaining the mailbox control:

1. I log on to my Web-based email account.

2. Before receiving an important email, I decided to take a look at it online, so I opened a new window in a multi-window browser.

3. The website I visited contains hidden code. My browsing behavior activates hidden code and sends an HTML request to my email Web server. The content of this request may be to delete all emails in my inbox. It's done.

My example may be too simple, but it is not an armist. It reflects the strength and concealment of CSRF attacks. Don't forget, a simple HTML request can indeed delete all emails in your inbox. GNUCitizen has an article titled "CSRF secrets", which details the Attack Details. Below are some interesting content I have summarized about CSRF Attacks:

If the Web application is open, any other Web page can send a request to the Web application and operate on it as privileged as the user.

The longer Web applications are open, the more likely such threats are.

Bookmarking websites are an excellent way for hackers to build CSRF attack traps and trap common users.

CSRF attacks on DSL routers

The method proposed by Hamiel to obtain DSL router permissions through CSRF attacks is similar to the method used for website attacks. It uses a Motorola/Netopia2210DSL MODEM. Therefore, if you have similar devices, be cautious. The specific attack steps are similar to the ones I mentioned above, So I act as a victim again:

1. After saving my life, I finally changed my new DSL router. I was excited to install it and began to configure it quickly.

2. As an old Internet user who has been hacked for many times, I certainly do not want strangers to access my router management interface. Therefore, I disabled the interface for accessing the router through the WAN.

3. Now remote management has been disabled. Only I can access my DSL management interface, so I don't have to worry about the theft of the administrator password of the vro.

4. My buddy is a genius on the Internet. He knows that I just bought a new DSL router. So he sent me an email asking me to see his new website.

5. I entered his new website. What do you guess? I tried again. My buddy now has control over my DSL router.

Basically, this is the same type of CSRF attacks. I activated an HTML request on my buddy's website, which sends the following command to my browser:

Connect to my new DSL router.

Enable remote management.

Add a password to the administrator account.

Since then, my new DSL router can only be controlled by my buddy. Poor.

Press Reset to clear all troubles

The reset button of the vro is the easiest way to fix this attack. The problem is that the vro management password is modified and does not affect my daily use. Therefore, I may be unaware of this attack. Only when a vro encounters a problem or I plan to modify the vro configuration, the password is changed. I also bet that many readers have not even configured their DSL routers. After buying them, they simply plug in the network cable and start using the router in factory mode.

What is the end?

As the edge network devices are under the control of hackers, the next thing hackers can do is more. Hamiel wrote "CSRF threat LAN device" on the blog of Neohaxor.org, which is described in detail:

"Remember, hackers can remotely control your vro. Therefore, even if your computer uses an intranet IP address, hackers can easily obtain your network logs. Through the log, you can easily confirm the Intranet IP address and modify the router settings so that hackers can directly access your intranet IP address through the Internet. Therefore, it is not impossible to attack computers in the LAN ."

Prevention is simple

Many people may have heard of such comfort. In fact, it is very easy to prevent CSRF from attacking network devices. You only need to modify the default settings on the network devices, especially those devices connected to the Internet, such as DSL routers. More importantly, replace the default administrator password with a stronger password. This is not difficult.

I personally suggest setting up a router/firewall after any edge device (such as a DSL router), which is equivalent to adding a security barrier.

Summary

CSRF attacks against DSL routers are relatively effective because DSL routers are rarely considered when detecting malicious software attacks. Therefore, even if the malware on the computer is cleared, the way of infection is still unobstructed. It is precisely because of this threat that the consequences are quite serious, but they can be easily avoided.