A Cross-Site Request Forgery or CSRF attack is a way that hackers may attempt to get information from sensitive sites that you use (such as your bank, email system, or Facebook) without your knowledge. Normally, to get into these sites you’d need a userid and password. However, if you’re already logged into one of these sites, a hacker may be able to use that to trick the computer into doing things it really shouldn’t. A CSRF attack typically looks like this:
- You browse to a web page that has a hacker’s nefarious code loaded onto it. The hacker may control the site and you may have been tricked into going there, or the hacker was able to find a way to leave his code on a legitimate site’s page.
- Your browser downloads the page and begins to communicates with other servers to load everything necessary for the page. This is normal – web pages often contain pictures that are hosted at different sites.
- The hacker’s code that’s part of the web page may contain instructions to get information from a site he wishes to attack – say your bank. These instructions will attempt to get some sensitive information and send it to the hacker.
- Normally, the bank will block this request because you aren’t logged in to the bank at that moment. End of attack.
- However, if you do happen to be logged into the bank at that moment in another browser tab, it is possible that the bank will service this request.
- Bye Bye banking information.
Now before you get too excited about this know that the website developers at your bank, email provider, Facebook, etc. ALL know about CSRF attacks. They’ve all set their systems up to detect this type of attack and shut it down using well known methods.
However, some router firmware developers seem not to have gotten the memo. Routers are notoriously vulnerable to CSRF attacks. How is that? Remember that routers are typically configured with a web browser connected to an embedded web server inside the router. If you have a vulnerable router and are logged into it, going to the wrong website may attempt to reconfigure it. In particular, hackers may try to change your DNS servers or start some port forwarding.
For some examples of CSRF attacks that really happened, please look here.