Drive-By Pharming

Definition of Drive-By Pharming

Drive-By Pharming is a cyberattack technique in which an attacker exploits vulnerabilities in a user’s router to change its Domain Name System (DNS) settings without the user’s knowledge. This results in the user being redirected to malicious websites or having their internet traffic intercepted. The attack often occurs when a user visits a compromised website or clicks on a malicious link, unknowingly enabling the attacker to gain unauthorized access to their router.

Phonetic

D-R-I-V-E-B-Y P-H-A-R-M-I-N-G

Drive-By Pharming: /ˈdraɪv-baɪ ˈfɑrmɪŋ/

Key Takeaways

  1. Drive-By Pharming involves a cyber attacker exploiting vulnerabilities in Wi-Fi routers and altering their DNS settings to redirect traffic to malicious websites.
  2. This type of attack can compromise the user’s personal and financial information, as users are often unaware that they are browsing fake or malicious websites.
  3. To mitigate Drive-By Pharming risks, users should regularly update their router’s firmware, use strong and unique passwords, and disable remote administration features.

Importance of Drive-By Pharming

Drive-By Pharming is an important technology term because it refers to a type of cyber-attack that can compromise the security of individual users and their personal information.

This type of attack occurs when a user unintentionally visits a malicious website, which then exploits the user’s router vulnerabilities or weak credentials to modify its settings, typically the DNS server addresses.

This change allows the attacker to redirect the user’s web traffic to fraudulent websites, often indistinguishable from the authentic ones.

Hence, users may unknowingly provide their private data to the attackers.

The prominence of Drive-By Pharming underscores the need for heightened cybersecurity measures, including keeping router firmware updated, using strong router authentication credentials, and raising awareness about such threats among internet users.

Explanation

Drive-By Pharming is a malicious cyber-attack technique that targets internet users and aims to compromise their home and corporate internet routers. The primary purpose of Drive-By Pharming is to exploit the vulnerabilities in router configurations by manipulating the device settings without the user’s consent or knowledge. This technique provides a means for the attacker to gain unauthorized access to the target’s network traffic, online communications, and confidential or personal information.

Criminals who employ Drive-By Pharming often have goals that range from identity theft to stealing financial information and credentials. In a typical Drive-By Pharming scenario, a hacker creates a malicious website or injects malicious code into an existing legitimate site. When an unsuspecting user visits that website, the malicious script automatically executes and targets the user’s router, without the need for any user interaction.

The attacker can then modify the router’s settings, such as its Domain Name System (DNS) settings, which redirects the user’s internet traffic to fraudulent or malicious websites. This not only enables the attacker to intercept sensitive information, but also exposes the targeted user to phishing attempts and other fraudulent activities as they browse the web. To mitigate the risks associated with Drive-By Pharming, users are encouraged to routinely update their router firmware, change default passwords, and employ robust security practices.
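Because the attack described above works by changing DNS settings, a client can audit the resolvers it has been handed against the ones the network owner chose. The following is an added example, not part of the original glossary entry; the sample resolv.conf text and the allow-list (`EXPECTED_RESOLVERS`) are constructed assumptions.

```python
import ipaddress

# Constructed sample: resolver configuration as a Linux client might receive it.
SAMPLE_RESOLV_CONF = """\
# constructed sample, not captured from a real host
search home.example
nameserver 192.168.1.1
nameserver 203.0.113.53
nameserver 2001:db8::53
options timeout:2
"""

# Assumption: addresses or networks the owner deliberately configured.
EXPECTED_RESOLVERS = ["192.168.1.1", "2001:db8::/64"]


def parse_nameservers(text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        # resolv.conf comments start with '#' or ';'
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            # Drop an IPv6 zone id such as fe80::1%eth0 before parsing.
            servers.append(parts[1].split("%", 1)[0])
    return servers


def audit_resolvers(text, expected):
    """Classify each configured resolver as expected, unexpected or invalid."""
    allowed = [ipaddress.ip_network(e, strict=False) for e in expected]
    findings = []
    for raw in parse_nameservers(text):
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            findings.append((raw, "invalid"))
            continue
        ok = any(addr.version == net.version and addr in net for net in allowed)
        findings.append((raw, "expected" if ok else "unexpected"))
    return findings


if __name__ == "__main__":
    for server, verdict in audit_resolvers(SAMPLE_RESOLV_CONF, EXPECTED_RESOLVERS):
        print(f"{verdict:10} {server}")
```

When the only resolver a client sees is the router itself, this check cannot show where the router forwards queries; the upstream DNS servers configured on the router must be compared against the expected ones as well.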

Examples of Drive-By Pharming

Drive-By Pharming is a security attack in which an attacker compromises a user’s internet router or wireless access point, often exploiting default or weak credentials. The attacker then changes the victim’s Domain Name System (DNS) server settings, redirecting their web traffic to malicious websites or using it for different types of phishing or hacking attacks.

In 2008, the Federal Trade Commission (FTC) warned that the website ad.oinadserver.com was responsible for drive-by pharming attacks. The attackers targeted insecure routers and modified their DNS server settings to redirect victims using popular websites like Google and Yahoo to phishing sites.

In 2014, Brazilian hackers targeted the customers of one of the country’s largest internet service providers, Oi Internet Service. They used drive-by pharming attacks to change the DNS server settings, which redirected users to phishing sites that collected their online banking credentials.

In 2016, multiple vulnerabilities were discovered in SOHO (Small Office/Home Office) routers manufactured by the German company AVM. Attackers could remotely access and reconfigure these routers for drive-by pharming attacks. This type of attack allowed hackers to intercept and modify internet traffic, redirecting users to fraudulent websites where they could potentially steal personal information, bank account details, or login credentials.

To protect against drive-by pharming attacks, it’s crucial to secure your router with strong, unique credentials and to regularly update your router’s firmware.

Drive-By Pharming FAQ

1. What is Drive-By Pharming?

Drive-By Pharming is a cyber-attack technique that targets home and small office routers, manipulating their DNS settings to redirect users to malicious websites and subsequently capture the user’s sensitive information, such as passwords and financial details.

2. How does Drive-By Pharming work?

Drive-By Pharming works by exploiting security vulnerabilities in the router’s web management interface. The attacker lures the victim to a malicious website or infected ad, which then runs JavaScript in the victim’s browser, targeting the administration settings of the router. The attack succeeds if the user has not changed their default router login credentials or has used weak ones.

3. Can I protect myself from Drive-By Pharming attacks?

Yes, you can protect yourself from Drive-By Pharming attacks by taking several precautions. First, change the default login credentials of your router. Second, update your router’s firmware to the latest version to ensure that any security vulnerabilities are patched. Third, ensure that your router management interface is protected by a strong firewall. Lastly, be cautious when visiting unknown websites and avoid clicking on suspicious links.

4. What are the consequences of a successful Drive-By Pharming attack?

A successful Drive-By Pharming attack can lead to substantial security risks, such as stealing sensitive data like banking or login information of the victim. It can also facilitate the redirection of users to malicious websites that can further compromise the user’s system through additional malware exploitation.

5. Are only home routers vulnerable to Drive-By Pharming?

While home and small office routers are the primary targets of Drive-By Pharming attacks, larger organizational routers can also be vulnerable if they do not have proper security measures in place, like a strong firewall, updated firmware, and secure authentication procedures.

Related Technology Terms

  • Phishing Scams
  • Router Hacking
  • Unsecured Wireless Networks
  • Malware Injections
  • Internet Security
