Fifteen new vulnerabilities reported during router hacking contest

Five popular router models were hacked during the SOHOpelessly Broken competition at DefCon 22

Routers appear to be as insecure as ever, after hackers successfully compromised five popular wireless models during a contest at the DefCon 22 security conference, reporting 15 new vulnerabilities to affected vendors.

The SOHOpelessly Broken contest pitted hackers against 10 router models from different manufacturers: Linksys EA6500, ASUS RT-AC66U, TRENDnet TEW-812DRU, Netgear Centria WNDR4700, Netgear WNR3500U/WNR3500L, TP-Link TL-WR1043ND, D-Link DIR-865L, Belkin N900 DB and the Open Wireless Router firmware developed by the Electronic Frontier Foundation (EFF).

There were three challenges. In one researchers had to demonstrate unpatched -- zero-day -- vulnerabilities in the preselected devices, and received points based on their criticality. The second challenge was a capture-the-flag-style game in which contestants had to hack into routers running known vulnerable firmware to extract sensitive information, and the third was a similar surprise challenge targeting a router from Asus and one from D-Link.

Four contestants participated in the zero-day vulnerability contest and demonstrated exploits for a total of 15 flaws. Eleven of the reported vulnerabilities were submitted by Craig Young, a researcher at security firm Tripwire.

Young is no newcomer to finding vulnerabilities in routers. In February he published research showing that 80 percent of the 25 best-selling SOHO wireless router models on Amazon had vulnerabilities.

Not all of the flaws reported during SOHOpelessly Broken were critical, and in some cases the contestants had to combine several of them to achieve a full compromise, said Stephen Bono, president of Independent Security Evaluators, the security firm that organized the competition together with the EFF.

A full compromise would entail successfully gaining access to execute privileged commands, essentially an attack that gives the hacker full control over the router.

Seven attacks resulted in full compromises and these were performed against the ASUS RT-AC66U, the Netgear Centria WNDR4700 (which suffered two separate hacks), the Belkin N900, the TRENDnet TEW-812DRU and a router made by Actiontec Electronics and provided by Verizon Communications to its subscribers.

The Actiontec router wasn't among those pre-selected for the competition and was brought in by one of the contestants.

"We made an exception and accepted the submission anyway," Bono said.

In another case, one contestant demonstrated a full compromise of his own D-Link DIR-865L router, but it turned out that the device was running a firmware version older than the one indicated by the organizers that wasn't vulnerable to the reported exploit.

One interesting aspect is that only four of the reported vulnerabilities were completely new. The other ones had been discovered and patched in the past in other router models from the same manufacturers, but the vendors did not fix them in the routers selected for this competition.

This type of patching inconsistency happens frequently in the router world, Bono said. Vendors often fix vulnerabilities only in the models for which those flaws were reported by researchers and fail to test if their other products are also vulnerable. In some cases vendors never fix the reported vulnerabilities at all, and sometimes they're not even able to because the flaws are actually in code supplied to them by chipset vendors, he said.

Bono doesn't think the routers that weren't hacked during the contest don't have any vulnerabilities. He believes the results are related to which models the four contestants had access to in advance so they could analyze them, rather than one router being more secure than another.

In general SOHO routers are not designed with security in mind because manufacturers operate on small profit margins and rush to get products to market as fast as possible rather than invest in secure development lifecycles and security audits, Bono said.

Since most routers are vulnerable regardless of who made them, there is little incentive for secure development. However, with large-scale attacks against routers becoming increasingly common and more people understanding the risks associated with router compromises, security can become a differentiator in this market, Bono said.

Join the PC World newsletter!

Error: Please check your email address.

Tags Tp-link TechnologiesActiontec ElectronicsLinksysonline safetyTRENDnetNetworkingroutersbelkinAsustek ComputerExploits / vulnerabilitiesElectronic Frontier Foundationnetworking hardwaresecuritynetgearD-LinkVerizon CommunicationsIndependent Security Evaluators

Struggling for Christmas presents this year? Check out our Christmas Gift Guide for some top tech suggestions and more.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?