This paper describes an attack concept termed Drive-by Pharming, in which an attacker sets up a web page that, when simply viewed by the victim (on a JavaScript-enabled browser), attempts to change the DNS server settings on the victim's home broadband router. As a result, future DNS queries are resolved by a DNS server of the attacker's choice. The attacker can then direct the victim's Internet traffic and point the victim to the attacker's own web sites regardless of which domain the victim believes they are visiting, potentially leading to the compromise of the victim's credentials. The same attack methodology can be used to make other changes to the router, such as replacing its firmware. Routers could then host malicious web pages or engage in click fraud. Since the attack is mounted through viewing a web page, it requires neither physical proximity between the attacker and the victim nor the explicit download of traditional malicious software. The attack works under the reasonable assumption that the victim has not changed the default management password on their broadband router.