Security researchers have exposed a world-spanning network of hijacked wireless routers, involving over 300,000 devices used in homes and small businesses being compromised by exploiting loopholes in their core software.
According to researchers at Team Cymru’s Enterprise Intelligence Services, hackers used several techniques including the DNSChanger malware to take on the devices and modified the domain name system (DNS) servers that interpret human-friendly domain names into the IP addresses used by computers to trace their Web servers.
The vulnerability allowed hackers to redirect users to wherever they wanted; insert their own advertisements into web pages or even destroy the received search results.
A range of router models from several manufacturers including D-Link, Micronet, Tenda, TP-Link, were highly hit with attacks in Vietnam, India, Italy and Thailand.
Team Cymru researcher Steve Santorelli told BBC that the reason for developing the network of hijacked routers still remained ‘mysterious’ as the hackers did not seem to have abused their control for malicious ends.
"It’s a definite evolution in technology – going after the internet gateway, not the end machine," Santorelli added.
"We see these leaps in concepts every few years in cybercrime."
Researchers discovered that the affected devices open to multiple exploit techniques, such as a exposed authentication bypass vulnerability in ZyXEL Cirmware and Cross-Site Request Forgery (CSRF) techniques.
