As Golem.de reports, there are two new exploits for unprotected routers. This shows once again why it is so important to be able to choose a router yourself.
Malware 1, baptized "Moss / Linux" can be used to retrieve social media logins and also to automatically create (fake) accounts in the networks yourself. Attacked are Linux-based routers - but a good part of the devices on the market is attacked.
Malware 2 works via an encrypted Javascript code, which the user can call up unnoticed when embedded on a website. This code then attempts to find the router and exploit the common security gaps there. If this works, the DNS settings are changed so that the usual websites are not called up - the user can then catch further malware.
As usual lately, the security holes are problems that will be avoided by appropriate updates from the manufacturers. According to Golem. the best remedy is an up-to-date firmware and a router password that is as strong as possible. Unfortunately, many providers leave the user no choice: if you don't get a password, there is no way to exchange the router for a model with more frequent updates. Especially cable network customers are usually completely dependent on using the device provided by the provider.
The contribution Two new router exploits is first on routerzwang.de and was published by fjeromin ...written.
English 
Deutsch 
Français 
Español