|Security, CAPTCHA and D-Link Routers|
|Written by HardwareSecrets|
|Friday, 29 May 2009|
Two weeks ago D-Link announced the introduction of a CAPTCHA to confirm configuration changes on some of its wireless routers. According to D-Link, the objective is to prevent that users whose machines have been owned by malware have the DNS settings in the router changes without the user's knowledge.
Changing the DNS settings on a wireless router allows that the access gets redirected to a site a hacker chooses. For instance, by redirecting legitimate access it's possible to make you believe that you're accessing a legitimate online banking website when you're actually entering your account number and PIN into a hacker's system. There are as many DNS redirection uses in attacks as there are cheese in France and it all depends on the hacker's creativity to fool the user.
A CAPTCHA is a challenge presented by a system to ensure that it's a human that is interacting with this system. Usually these challenges are based on the interpretation of something, normally being the answer to questions such as the number of vowels in a word or synonyms for that specific word. These challenges are quite common on free e-mail or online storage websites to prevent hackers from automating the creation of users accounts on these websites to store piracy.
The first thing I thought when I read the release was the if the user's workstation is already taken by malware, this very same malware has absolutely full control over the workstation and could change the DNS configuration of the user's workstation itself, without the added complexity of drilling down a wireless router configuration that could be any brand! Furthermore, why has only D-Link introduced this feature and other manufacturers didn't do the same? The answer is not obvious. HardwareSecrets