Drive-by pharming: secure your broadband router, and be careful where you surf

New research from the Indiana University School of Informatics suggests that up to half of all broadband users could be at risk from a new type of threat now known as ‘drive-by pharming’.

Using JavaScript, it’s possible for a hacker to change the domain name server (DNS) settings on an unsecured broadband router, and thus divert users away from legitimate sites without them knowing.

Generally, your broadband provider will have set up the router to point to their domain name servers – the machines that translate web addresses and direct the user to the correct place on the Net. By replacing these with rogue servers, fraudsters could send victims to replica websites, stealing personal information along the way, and it would be pretty difficult for the average user to detect – until too late.

Drive-by pharming can be thwarted in part by setting up proper security on the home router. This involves changing the default password, and ensuring the administrative control panel requires the password in order to modify internal settings.

However, it’s also possible for an attacker to trick a user into visiting a particular web page, and then gain access to information on your PC.

“Because of the ease with which drive-by pharming attacks can be launched, it is vital that consumers adequately protect their broadband routers and wireless access points today,” said Oliver Friedrichs, director of Symantec Security Response.

So check those admin passwords, and don’t visit any enticing but naughty websites you see in emails. Simple…