The vulnerability of home routers has been widely discussed, but there has been significant skepticism in many quarters about the viability of using them to perform damaging attacks by hosting malware. Others have argued that traditional malware prevention technologies will function for routers. In this paper we show how easily and effectively a home router can be repurposed to perform a mid-stream script injection attack. This attack transparently siphons off many cases of user entered form-data, including usernames and passwords. Additionally, the attack can take place over a long period of time affecting the user at a large number of sites allowing a user's information to be easily correlated by one attacker. The script injection attack is performed through malware placed on an insecure home router, between the client and server. We implemented the attack on a commonly deployed home router to demonstrate its realizability and potential, and the danger of malware on home routers. Next, we propose and implement efficient countermeasures to discourage or prevent both our attack and other web targeted script injection attacks. The countermeasures are a form of short-term tamper-prevention based on obfuscation and cryptographic hashing. It takes advantage of the fact that web scripts are both delivered and interpreted on demand. Rather than preventing the possibility of attack altogether, they simply raise the cost of the attack to make it non-profitable thus removing the incentive to attack in the first place. These countermeasures are robust and practically deployable: they permit caching, are deployed server-side, but push most of the computational effort to the client. Further, the countermeasures do not require the modification of browsers or Internet standards.
Keywords:Man-In-The-Middle, JavaScript, Phishing, script injection
Paper will be made available on this site soon.