Menu
Fifteen new vulnerabilities reported during router hacking contest

Fifteen new vulnerabilities reported during router hacking contest

Five popular router models were hacked during the SOHOpelessly Broken competition at DefCon 22

Routers appear to be as insecure as ever, after hackers successfully compromised five popular wireless models during a contest at the DefCon 22 security conference, reporting 15 new vulnerabilities to affected vendors.

The SOHOpelessly Broken contest pitted hackers against 10 router models from different manufacturers: Linksys EA6500, ASUS RT-AC66U, TRENDnet TEW-812DRU, Netgear Centria WNDR4700, Netgear WNR3500U/WNR3500L, TP-Link TL-WR1043ND, D-Link DIR-865L, Belkin N900 DB and the Open Wireless Router firmware developed by the Electronic Frontier Foundation (EFF).

There were three challenges. In one researchers had to demonstrate unpatched -- zero-day -- vulnerabilities in the preselected devices, and received points based on their criticality. The second challenge was a capture-the-flag-style game in which contestants had to hack into routers running known vulnerable firmware to extract sensitive information, and the third was a similar surprise challenge targeting a router from Asus and one from D-Link.

Four contestants participated in the zero-day vulnerability contest and demonstrated exploits for a total of 15 flaws. Eleven of the reported vulnerabilities were submitted by Craig Young, a researcher at security firm Tripwire.

Young is no newcomer to finding vulnerabilities in routers. In February he published research showing that 80 percent of the 25 best-selling SOHO wireless router models on Amazon had vulnerabilities.

Not all of the flaws reported during SOHOpelessly Broken were critical, and in some cases the contestants had to combine several of them to achieve a full compromise, said Stephen Bono, president of Independent Security Evaluators, the security firm that organized the competition together with the EFF.

A full compromise would entail successfully gaining access to execute privileged commands, essentially an attack that gives the hacker full control over the router.

Seven attacks resulted in full compromises and these were performed against the ASUS RT-AC66U, the Netgear Centria WNDR4700 (which suffered two separate hacks), the Belkin N900, the TRENDnet TEW-812DRU and a router made by Actiontec Electronics and provided by Verizon Communications to its subscribers.

The Actiontec router wasn't among those pre-selected for the competition and was brought in by one of the contestants.

"We made an exception and accepted the submission anyway," Bono said.

In another case, one contestant demonstrated a full compromise of his own D-Link DIR-865L router, but it turned out that the device was running a firmware version older than the one indicated by the organizers that wasn't vulnerable to the reported exploit.

One interesting aspect is that only four of the reported vulnerabilities were completely new. The other ones had been discovered and patched in the past in other router models from the same manufacturers, but the vendors did not fix them in the routers selected for this competition.

This type of patching inconsistency happens frequently in the router world, Bono said. Vendors often fix vulnerabilities only in the models for which those flaws were reported by researchers and fail to test if their other products are also vulnerable. In some cases vendors never fix the reported vulnerabilities at all, and sometimes they're not even able to because the flaws are actually in code supplied to them by chipset vendors, he said.

Bono doesn't think the routers that weren't hacked during the contest don't have any vulnerabilities. He believes the results are related to which models the four contestants had access to in advance so they could analyze them, rather than one router being more secure than another.

In general SOHO routers are not designed with security in mind because manufacturers operate on small profit margins and rush to get products to market as fast as possible rather than invest in secure development lifecycles and security audits, Bono said.

Since most routers are vulnerable regardless of who made them, there is little incentive for secure development. However, with large-scale attacks against routers becoming increasingly common and more people understanding the risks associated with router compromises, security can become a differentiator in this market, Bono said.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags LinksysActiontec ElectronicsTp-link Technologiesonline safetyNetworkingTRENDnetroutersbelkinExploits / vulnerabilitiesAsustek ComputerElectronic Frontier Foundationnetworking hardwaresecuritynetgearD-LinkIndependent Security EvaluatorsVerizon Communications

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Kiwi channel comes together for another round of After Hours

Kiwi channel comes together for another round of After Hours

The channel came together for another round of After Hours, with a bumper crowd of distributors, vendors and partners descending on The Jefferson in Auckland. Photos by Maria Stefina.​

Kiwi channel comes together for another round of After Hours
Consegna comes to town with AWS cloud offerings launch in Auckland

Consegna comes to town with AWS cloud offerings launch in Auckland

Emerging start-up Consegna has officially launched its cloud offerings in the New Zealand market, through a kick-off event held at Seafarers Building in Auckland.​ Founded in June 2016, the Auckland-based business is backed by AWS and supported by a global team of cloud specialists, leveraging global managed services partnerships with Rackspace locally.

Consegna comes to town with AWS cloud offerings launch in Auckland
Show Comments