Don't pick on Cisco every router maker is at fault

Stuart Corner
Wednesday, 21 February 2007 13:11

Opinion and Analysis

Cisco is getting heaps of bad press because, shock horror, 77 of its routers are vulnerable to "drive-by pharming" attacks, but that's just because they make more products than other manufacturers. Every major router maker, and broadband service providers who use their products needs to take heed.

When I signed up for a new broadband service my router/ADSL modem, supplied by my ISP, shipped with a set of installation and configuration instructions. After it was plugged in and connected I was told to go to my browser and type in the address http://192.168.1.254. That brings up not a website somewhere out there in cyberspace but a web page in the router that enables me to set various parameters. First I had to enter a username and password. These were defaults set by the manufacturer.

Because these are standard for each router it is possible for criminal elements to get software onto my computer that will automatically log on to this page, enter the default username and password and change domain name server settings so that ever time I access a web site I get routed though their systems enabling them to extract information or, if they choose, present me with a false web site masquerading as the one I want to access.

The solution is simple: change the password. Manufacturers could easily force a password change as the first action after the use logs on. But they don't. Not only that, in the instructions I got from my ISP (admittedly the manufacturer's unedited) there was not even a suggestion that I should change the password. Just log on, set parameters, save, log out and start browsing!

That's why the bad guys have come up with this technique: millions of routers out there all with known usernames and passwords because the suppliers chose not to require or even recommend that they be changed.