Did Brazil DSL Modem Attacks Change Device Security?


From 2011 to 2012, millions of Internet users in Brazil fell victim to a massive attack against vulnerable DSL modems. By configuring the modems remotely, attackers could redirect users to malicious domain name system (DNS) servers. Victims trying to visit popular websites (Google, Facebook) were instead directed to imposter sites. These rogue sites then installed malware on victims’ computers.


According to a report from Kaspersky Lab expert Fabio Assolini citing statistics from Brazil’s Computer Emergency Response Team, the attack ultimately infected more than 4.5 million DSL modems.


The Brazil incident illustrated that security experts could no longer afford to ignore firmware vulnerabilities. With the frequency of firmware attacks continuing to rise, it’s clear that greater security must be a priority. But has device security meaningfully improved in the past decade?


What Was the Brazil DSL Modem Hack?


According to Assolini, the initial vulnerability appeared to be in a chipset driver inside the modems. Chipset drivers enable proper communication with device motherboards. This vulnerability allowed actors to launch a cross-site request forgery (CSRF) attack.


CSRF uses a simple script to steal passwords and remotely log in to take control of devices. Attackers then configured the hijacked modems to link to malicious DNS servers. Anyone using the compromised modems was redirected to fake websites that mimicked legitima ..
