evilghost
Premium
join:2003-11-22
Springville, AL
 ·Windstream
1 edit | reply to lesopp
Re: So What
This attack uses CSRF to own the router... It's not about the outside getting in, it's about CSRF being used to repoint DNS to hostile servers so MITM attacks or DNS redirection (for phishing; likely) can be easily created.
In theory one could also load Linux powered firmware that would attack nearby APs using brute-force password guessing techniques after association to them as a client; of course this becomes less trivial if the AP is running WPA/WPA2. That would be more "wormlike".
Essentially, own a device with CSRF and use it to own nearby APs. |
