The attacks would allow traffic to be redirected and intercepted. This means it can log your data traffic, and will submit every machine in your local network to attacks as they use the router.

The presentation at Black Hat, as indicated by the title, "How to Hack Millions of Routers", doesn't beat around the bushes. Popular router models from Netgear, Linksys and Belkin were found to be vulnerable to the veteran security leak known as DNS-rebinding. Even the third-party firmwares such as DD-WRT and OpenWrt offer no solution here.


The research was done by the security consultancy company Seismic. Craig Heffner, a researcher with Seismic, will not only present the research results but will also release a proof of concept to demonstrate the vulnerability. Heffner claims that the browser writers and router vendors have had "ample time" to fix the problem, but have failed to do so. The researcher believes this is the best way to get the vendors to haul ass and create some patches.

Half of the routers that have been tested did not appear to be vulnerable. A list of tested routers can be found here, along with their results.