Menu
Home router security to be tested in upcoming hacking contest

Home router security to be tested in upcoming hacking contest

Researchers will compete to exploit previously unknown vulnerabilities in popular home routers

Researchers are gearing up to hack an array of different home routers during a contest next month at the Defcon 22 security conference.

The contest is called SOHOpelessly Broken -- a nod to the small office/home office space targeted by the products -- and follows a growing number of large scale attacks this year against routers and other home embedded systems.

The competition is organized by security consultancy firm Independent Security Evaluators and advocacy group the Electronic Frontier Foundation (EFF), and will have two separate challenges.

The first challenge, known as Track 0, will require researchers to demonstrate exploits for previously unknown, or zero-day, vulnerabilities in a number of popular off-the-shelf consumer wireless routers.

The preselected target devices are: Linksys EA6500, ASUS RT-AC66U, TRENDnet TEW-812DRU, Netgear Centria WNDR4700, Netgear WNR3500U/WNR3500L, TP-Link TL-WR1043ND, D-Link DIR-865L and Belkin N900 DB. The EFF's upcoming Open Wireless Router firmware will also be up for hacking.

Different types of attacks will earn the researchers a different number of points. For example, exploits that result in full router control will be awarded 5,000 points, while those that only cause a denial-of-service condition or low-value information leakage will get 1,000 points. There are also penalties for attacks that require human interaction, authenticated sessions or administrative credentials.

Researchers will prepare their exploits ahead of time and are required to report the vulnerabilities they find to the affected manufacturers ahead of the actual contest. This won't influence their chance of success during the competition because the attacked routers will run specific versions of firmware that have already been announced and won't be updated.

The second challenge, or Track 1, is a capture-the-flag contest where individuals or teams will compete to finish ten objective-based attack scenarios against known vulnerable routers.

The prizes have yet to be announced, but the contest, which is similar to the Pwn2Own hacking competition that targets browsers and mobile devices, is likely to at least bring router vulnerabilities and risks into the spotlight.

It's no secret that the security of routers, and embedded devices in general, has lagged behind that of computer OSes and software. For years researchers have found critical vulnerabilities in a large number of routers, ranging from basic programming errors and hardcoded credentials to more complex flaws in protocol implementations or the administration interface.

Historically the real-world attacks against such devices have been targeted in nature and limited in number, but that's starting to change.

There have been several large scale attacks against routers and embedded devices since the beginning of the year and their number seems to be growing, as attackers begin to understand the potential of compromising such devices.

In March researchers found hundreds of thousands of home routers that had been compromised and had their DNS settings hijacked by attackers. In Poland a similar attack was used to intercept and modify the online banking traffic of home users.

Also this year researchers found thousands of ASUS routers that were exposing the hard drives attached to them to the Internet, a worm infecting Linksys routers and attacks that installed cryptocurrency mining malware on network-attached storage systems.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags intrusiononline safetyNetworkingsecurityroutersExploits / vulnerabilitiesIndependent Security EvaluatorsElectronic Frontier Foundationnetworking hardware

Featured

Slideshows

Examining the changing job scene in the Kiwi channel

Examining the changing job scene in the Kiwi channel

Typically, the New Year brings new opportunities for personnel within the Kiwi channel. 2017 started no differently, with a host of appointments, departures and reshuffles across vendor, distributor and reseller businesses. As a result, the job scene across New Zealand has changed - here’s a run down of who is working where in the year ahead…

Examining the changing job scene in the Kiwi channel
​What are the top 10 tech trends for New Zealand in 2017?

​What are the top 10 tech trends for New Zealand in 2017?

Digital Transformation (DX) has been a critical topic for business over the last few years and IDC is now predicting a step change as DX reaches macroeconomic levels. By 2020 a DX economy will emerge and it will become the core of what New Zealand industries focus on. From the board level through to the C-Suite, Kiwi organisations must be prepared to think and act digital when the DX economy emerges in 2017.

​What are the top 10 tech trends for New Zealand in 2017?
Top 15 Kiwi tech storylines to follow in 2017

Top 15 Kiwi tech storylines to follow in 2017

​The New Year brings the usual new round of humdrum technology predictions, glaringly general, unashamedly safe and perpetually predictable. But while the industry no longer sees value in “cloud is now the norm” type projections, value can be found in following developments of the year previous, analysing behaviours and patterns to formulate a plan for the 12 months ahead. Consequently, here’s the top Kiwi tech storylines to follow in 2017...

Top 15 Kiwi tech storylines to follow in 2017
Show Comments