Symantec: Change Your Router Password
Those who have not changed the default passwords on their home routers may be putting themselves at risk of attack, researchers at Indiana University and Symantec are warning.
Attackers are apparently using JavaScript code to rewrite the configuration of vulnerable routers, the two groups said. The DNS information within the router could be altered to change it to another server that could direct users to pages intended to steal personal data.
The researchers were able to create a single page that was able to exploit the flaws on Linksys, D-Link, and Netgear routers. The flaw would not just affect a single computer, but any machine that uses that router to connect to the Internet.
"I believe this attack has serious widespread implications and affects many millions of users worldwide," Zulfikar Ramzan, a Symantec researcher said. "Fortunately, this attack is easy to defend against as well."
Ramzan recommended that any user who has not changed the default password should do so immediately. Also, he recommended that users do not visit sites that "aren't known to be at least reasonably trustworthy."
All three of the companies listed recommend to users that passwords should be changed during install, however many consumers just plug in their routers without changing the password, leaving the default settings intact.
Most setups don't require any interaction from the user in order to use the Internet with a router.