Flash Attack Could Turn Routers Into Zombies

Experts say online criminals could exploit UPnP to hijack routers

By Rob Quinn, Newser Staff

Posted Jan 16, 2008 1:11 PM CST

(Newser) – Security experts have demonstrated how attackers could use Flash software and the Universal Plug and Play (UPnP) protocol to hijack their home routers, reports PC World. Users exposed to a malicious Flash file could have the servers they're trying to reach changed remotely and secretly, meaning a fraudster could redirect the user to phony bank or e-commerce websites even if they typed the right address into their browser.

If you're not a computer whiz, turning off UPnP on your router will make it difficult to use applications like instant messaging and Skype, but the experts said the extra security could be worth it if it can prevent routers being turned into "zombies." One expert disagreed, however, pointing out that criminals haven't even started using this kind of attack.

Researchers say 99% of home routers are vulnerable to attackers using Flash and UPnP to hijack their routers. They recommend disabling UPnP, although this could make it difficult for non-technical users... (KRT Photos)

The potential for the use of features in Flash and UPnP has some security experts worried. If a DNS server is hijacked using Flash and UPnP, users could be redirected to phony websites by criminals even... (Associated Press)

Two computer security experts are warning that criminals could use elements of Flash software and the UPnP protocol to hijack routers, turning them into 'zombies' redirecting users to fake websites. (PRNewsFoto/D-Link) (Associated Press)

« Prev« Prev | Next »Next » Slideshow

To report an error on this story, notify our editors.

More Newser Stories

Cybercriminals Create 57K Fake Websites a Week

Most mimic eBay, banks, etc.

(NEWSER) - Here's a happy stat: Hackers create at least 57,000 fake websites a week, reports SecurityWeek . Most are set up to be clones of banks or other commerce sites, with eBay and Western Union by far the most common. Others in the top 10 include Visa, HSBC, Bank of America, Amazon, and PayPal. Search engines constantly update to weed them out, but the hackers are relentless. And because the 57,000 figure comes from the research of just one security company, the real number is probably higher, notes SecurityWeek. More»

Apple Loosens Up on Apps

Restrictions lifted, guidelines published

(NEWSER) - Apple has done a U-turn and scrapped restrictions introduced earlier this year on what tools developers can use to build applications for the iPhone and iPad. Developers will now be allowed to use tools based on Adobe's Flash, and restrictions on other programming languages have been lifted, the Wall Street Journal reports. Shares in Adobe jumped after the news, though iPhone and iPad users still won't be able to access Flash-based content on the Internet. More»

Identify Theft Cases Spike, but Hackers Aren't to Blame

Private data lying around in plain view on Internet

(NEWSER) - Last year the number of identity theft victims in the US jumped 12%, while the number of Internet-related fraud cases went up 23%. But the problem isn't just hackers, say experts: In many cases, we're exposing our private data to anyone and everyone who knows where to look. Atlanta officials recently found names, Social Security numbers, and home phone numbers of 1,000 of the city's firefighters online, for instance. More»

Adobe Strikes Back In Flash Scuffle

Letter, newspaper ads refute Jobs' anti-Flash argument

(NEWSER) - Adobe isn't taking Apple's assault on Flash lying down. The company's founders released an open letter of their own today—albeit a much shorter and less combative one—and took out ads in the New York Times and Wall Street Journal, Bloomberg reports. “We believe the question is really this: Who controls the World Wide Web?” they write. “The answer is: nobody—and everybody, but certainly not a single company.” More»

Take That, Steve: Adobe Giving Workers Androids

The tech wars continue

(USER SUBMITTED) - First Adobe publicly wonders why Apple won't allow its Flash animation product on any of its iPhone, iPad, etc., platforms. The Mighty Steve Jobs then writes a rant about Flash's lack of openness. The Adobe CEO responds with his own letter. Now in the ongoing tit-for-tat Adobe will give all its employees a free phone that runs Google's Android operating system which, you will not be surprised to learn, supports Flash. Your serve, Stevarino. CNET has the story here . More»

NEWS FROM OUR PARTNERS

What is Newser?

Face it: there's too much news. At Newser, we choose the most thought-provoking and entertaining stories from hundreds of US and international sources and reduce them to a headline, picture, and two paragraphs. And we do it 24/7—you can come back morning, noon, night (and in between) for something new that matters. Read less, know more.

Learn more »

Partnering with: Slate

View Newser on the mobile website

Flash Attack Could Turn Routers Into Zombies

Experts say online criminals could exploit UPnP to hijack routers

OTHER STORIES ON OUR RADAR

online fraud • Skype • instant messaging • hackers • computer security • routers • Adobe • Flash

MOST POPULAR STORIES

[ By Views ]

[ By Comments ]

More Newser Stories

Cybercriminals Create 57K Fake Websites a Week

Most mimic eBay, banks, etc.

Apple Loosens Up on Apps

Restrictions lifted, guidelines published

Identify Theft Cases Spike, but Hackers Aren't to Blame

Private data lying around in plain view on Internet

Adobe Strikes Back In Flash Scuffle

Letter, newspaper ads refute Jobs' anti-Flash argument

Take That, Steve: Adobe Giving Workers Androids

The tech wars continue

About Us

Site

Newser By Users

Community

Site Maps

Tools

More News

What is Newser?

Flash Attack Could Turn Routers Into Zombies

Experts say online criminals could exploit UPnP to hijack routers

Bookmark & Share

OTHER STORIES ON OUR RADAR

online fraud • Skype • instant messaging • hackers • computer security • routers • Adobe • Flash

MOST POPULAR STORIES

[ By Views ]

[ By Comments ]

More Newser Stories

Cybercriminals Create 57K Fake Websites a Week

Most mimic eBay, banks, etc.

Apple Loosens Up on Apps

Restrictions lifted, guidelines published

Identify Theft Cases Spike, but Hackers Aren't to Blame

Private data lying around in plain view on Internet

Adobe Strikes Back In Flash Scuffle

Letter, newspaper ads refute Jobs' anti-Flash argument

Take That, Steve: Adobe Giving Workers Androids

The tech wars continue

About Us

Site

Newser By Users

Community

Site Maps

Tools

More News

What is Newser?