Menu
Home router security to be tested in upcoming hacking contest

Home router security to be tested in upcoming hacking contest

Researchers will compete to exploit previously unknown vulnerabilities in popular home routers

Researchers are gearing up to hack an array of different home routers during a contest next month at the Defcon 22 security conference.

The contest is called SOHOpelessly Broken -- a nod to the small office/home office space targeted by the products -- and follows a growing number of large scale attacks this year against routers and other home embedded systems.

The competition is organized by security consultancy firm Independent Security Evaluators and advocacy group the Electronic Frontier Foundation (EFF), and will have two separate challenges.

The first challenge, known as Track 0, will require researchers to demonstrate exploits for previously unknown, or zero-day, vulnerabilities in a number of popular off-the-shelf consumer wireless routers.

The preselected target devices are: Linksys EA6500, ASUS RT-AC66U, TRENDnet TEW-812DRU, Netgear Centria WNDR4700, Netgear WNR3500U/WNR3500L, TP-Link TL-WR1043ND, D-Link DIR-865L and Belkin N900 DB. The EFF's upcoming Open Wireless Router firmware will also be up for hacking.

Different types of attacks will earn the researchers a different number of points. For example, exploits that result in full router control will be awarded 5,000 points, while those that only cause a denial-of-service condition or low-value information leakage will get 1,000 points. There are also penalties for attacks that require human interaction, authenticated sessions or administrative credentials.

Researchers will prepare their exploits ahead of time and are required to report the vulnerabilities they find to the affected manufacturers ahead of the actual contest. This won't influence their chance of success during the competition because the attacked routers will run specific versions of firmware that have already been announced and won't be updated.

The second challenge, or Track 1, is a capture-the-flag contest where individuals or teams will compete to finish ten objective-based attack scenarios against known vulnerable routers.

The prizes have yet to be announced, but the contest, which is similar to the Pwn2Own hacking competition that targets browsers and mobile devices, is likely to at least bring router vulnerabilities and risks into the spotlight.

It's no secret that the security of routers, and embedded devices in general, has lagged behind that of computer OSes and software. For years researchers have found critical vulnerabilities in a large number of routers, ranging from basic programming errors and hardcoded credentials to more complex flaws in protocol implementations or the administration interface.

Historically the real-world attacks against such devices have been targeted in nature and limited in number, but that's starting to change.

There have been several large scale attacks against routers and embedded devices since the beginning of the year and their number seems to be growing, as attackers begin to understand the potential of compromising such devices.

In March researchers found hundreds of thousands of home routers that had been compromised and had their DNS settings hijacked by attackers. In Poland a similar attack was used to intercept and modify the online banking traffic of home users.

Also this year researchers found thousands of ASUS routers that were exposing the hard drives attached to them to the Internet, a worm infecting Linksys routers and attacks that installed cryptocurrency mining malware on network-attached storage systems.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Networkingroutersonline safetyintrusionnetworking hardwareElectronic Frontier FoundationExploits / vulnerabilitiesIndependent Security Evaluators

Featured

Slideshows

The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments