
'Pharming' follow-up: Almost 80 Cisco routers vulnerable to attack

By Layer 8 on Tue, 02/20/07 - 5:50pm.

Cisco today issued a warning that almost 80 of its Small Office/Home Office (SOHO), Remote Office/Branch Office (ROBO) and Teleworker business routers may be vulnerable to a new JavaScript-based security threat dubbed "Drive-by Pharming."

Symantec and the Indiana University School of Informatics coined the term Pharming in a report and white paper issued last week. As discussed here, "drive-by pharming" lets a hacker change the DNS settings on a user's home broadband router or wireless access point. The attack is possible whenever a broadband router is not password protected or the attacker manages to guess the password.

Most routers come with a default password, and if you don't change it, well, you leave your home network up for grabs, the companies say. For Cisco's part, the company said in its warning: "The purpose of this response is to inform customers how to change any default credentials which may ship pre-configured on an impacted Cisco router upon initial configuration and before the device is connected to a public network."

While there are no known pharming cases in the wild, the practice could potentially affect about half of the 60 million customers who have routers and haven't changed the default password, Symantec said.