The Email that Hacks You

**AlexNguyen** · 11-28-2012 02:25 PM

Source: How an email Could Compromise your Wireless Router.

Opening a legitimate looking email on an iPhone, iPad or Mac while using an Asus router with a default or guessable password could compromise the security of your internal network.

There's a short video that demonstrates the problem. In this demonstration, the victim receives an email - when the email is opened, the internal network is compromised (The DNS servers used by the router were changed to an IP address controlled by the attacker).

**paulgswanson** · 11-28-2012 03:10 PM

nice, that looks stupidly easy... My passwords are obviously secure but I think im gonna start checking the source code on my spams emails just for giggles to see whats hidden in there. I would never have though that the div section could contain dirty code like that.

**RobertKaucher** · 11-28-2012 03:49 PM

BTW, I see no reason why this would not work on an Android or any other device for that matter, if it autoloaded the images.

**the_Grinch** · 11-28-2012 03:50 PM

Someone uses Asus routers?

**RobertKaucher** · 11-28-2012 03:54 PM

That's exactly what I thought when I read it!

**nosoup4u** · 11-28-2012 04:07 PM

In soviet rus.......

**jibbajabba** · 11-28-2012 05:27 PM

Asuwhat?

**Roguetadhg** · 11-28-2012 05:30 PM

I'm glad I'm not the only one that thought "Asus made routers?!"

What's next, a Nike Switch?

**Zartanasaurus** · 11-28-2012 05:34 PM

Originally Posted by nosoup4u

In soviet rus.......

Beat me to it.

**SephStorm** · 11-28-2012 05:56 PM

I always knew that auto-ex email code was an issue, and yet every version of microsoft outlook, and some other email clients auto open emails when you click on them, and I believe runs in html mode by default, allowing images to be loaded. I propose a petition to remove the preview pane as a default setting.

(its also interesting that I was reading an old security book that says instead of deleting malicious emails you should open them an view the (possibly falsified) headers... I guess the author wasn't aware of falsified headers, or autoloaded malware.)

**tpatt100** · 11-28-2012 06:58 PM

Originally Posted by the_Grinch

Someone uses Asus routers?

I bought an Asus RT-N66U router when my original one died. I got it based on reviews that it was one of the best performing home routers available now.

**Lizano** · 11-28-2012 07:12 PM

Asus makes routers?

I love their tablets, but routers?

**ptilsen** · 11-28-2012 07:21 PM

I'm surprised this is the first such vulnerability I've read about. I've been wondering for a long time now what would stop some kind of exploit or otherwise nefarious activity from taking place in HTML embedded in emails. It's so stupidly easy to implement that I'm really shocked we don't run into it all the time.

As far as Asus routers, all the Taiwanese computer/networking/component companies eventually expand into each others' markets. Anyone who has watched Newegg much over the years will see it. It's to the point where you can almost pick a vendor and make a PC using entirely their components (with CPUs as the obvious exception).

**jgill** · 11-28-2012 07:47 PM

Hmmmmmm....

**eansdad** · 11-29-2012 12:07 PM

I don't see why it would be limited to just Asus routers, the article mentions that they only tested this on 2 Asus routers and that others are possible. I would guess with a little more scripting (maybe a call to a rainbow file) any password could be cracked. Would make the email larger but how many users actually check the email size?

Thinking of testing it out on some older Belkin and DLinks I have laying around.

Thread: The Email that Hacks You

Thread Tools

The Email that Hacks You

Social Networking & Bookmarks

Bookmarks

Featured Sponsors