Phishing over CSRF

By cyberphob1a

In my posting CSRF: And Go it Does, I wrote about a recently discovered Cross-Site-Request Forgery vulnerability in Linksys WLAN routers. To cite myself:

However, I agree that this is not the most critical vulnerability. How many people are permanently logged into their WLAN router?

I’m still aware that not many people will be permanently logged into their router; however, the bad guys are once again one step ahead. They thought of a way to exploit the flaw that is – I have to admit – ingenious. Absolutely ingenious. Basically, using the flaw, any setting on the router can be changed. This of course also holds true for the DNS settings. So what they did is use CSRF to change the DNS server of any router whose logged-in administrator happened to visit a page that contained the CSRF code.

The DNS server they used resolved the domain name of a Mexican bank to the IP of a phishing server. So next time you enter the URL to your online banking application, you should check the SSL certificate (you should always do that anyway). While we security guys are aware of such attacks, I’m sure 99% of online banking users are not.
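A defender-side check for the DNS tampering described above, as an added example that is not part of the original post: it compares what the router-assigned resolver returns for watched domains against answers collected from independent reference resolvers. The domain names, resolver labels, addresses and the /24 "same network" heuristic are constructed assumptions, and the answers are embedded so the check runs offline.

```python
import ipaddress

# Constructed sample data: hypothetical domains, documentation-range addresses.
# Answers collected from independent resolvers that the router cannot influence.
REFERENCE_ANSWERS = {
    "bank.example": {
        "resolver-a": {"192.0.2.10", "192.0.2.11"},
        "resolver-b": {"192.0.2.11"},
    },
    "cdn.example": {
        "resolver-a": {"198.51.100.5"},
        "resolver-b": {"198.51.100.77"},
    },
}
# Answers returned by the resolver the router handed out (constructed).
LOCAL_ANSWERS = {
    "bank.example": {"203.0.113.66"},
    "cdn.example": {"198.51.100.200"},
}


def _networks(addrs, prefix):
    """Map each address to its enclosing network of the given prefix length."""
    return {ipaddress.ip_network(f"{a}/{prefix}", strict=False) for a in addrs}


def audit_domain(local, reference_by_resolver, prefix=24):
    """Classify one domain as 'match', 'same-network', 'mismatch' or 'no-data'."""
    reference = set().union(*reference_by_resolver.values())
    if not local or not reference:
        return "no-data"
    if local & reference:
        return "match"          # at least one address agrees exactly
    # Load-balanced services often rotate addresses inside one network
    # (assumption: a shared /24 is treated as benign variance).
    if _networks(local, prefix) & _networks(reference, prefix):
        return "same-network"
    return "mismatch"           # nothing overlaps: investigate router DNS settings


def audit(local_answers, reference_answers):
    """Return {domain: verdict} for every domain on the watchlist."""
    return {d: audit_domain(local_answers.get(d, set()), refs)
            for d, refs in reference_answers.items()}


if __name__ == "__main__":
    for domain, verdict in audit(LOCAL_ANSWERS, REFERENCE_ANSWERS).items():
        print(f"{domain}: {verdict}")
```

A "mismatch" is a prompt to inspect the router's configured DNS servers and the site's certificate, not proof of tampering on its own.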

So, as I predicted, once again an amazing use of Cross-Site-Request Forgery. I’m sure there’s still a lot more to come!

Picture of Phishing Nets being thrown out at sunset by ezee123
