Home router security to be tested in upcoming hacking contest

Researchers will compete to exploit previously unknown vulnerabilities in popular home routers

Researchers are gearing up to hack an array of different home routers during a contest next month at the Defcon 22 security conference.

The contest is called SOHOpelessly Broken -- a nod to the small office/home office space targeted by the products -- and follows a growing number of large scale attacks this year against routers and other home embedded systems.

The competition is organized by security consultancy firm Independent Security Evaluators and advocacy group the Electronic Frontier Foundation (EFF), and will have two separate challenges.

The first challenge, known as Track 0, will require researchers to demonstrate exploits for previously unknown, or zero-day, vulnerabilities in a number of popular off-the-shelf consumer wireless routers.

The preselected target devices are: Linksys EA6500, ASUS RT-AC66U, TRENDnet TEW-812DRU, Netgear Centria WNDR4700, Netgear WNR3500U/WNR3500L, TP-Link TL-WR1043ND, D-Link DIR-865L and Belkin N900 DB. The EFF's upcoming Open Wireless Router firmware will also be up for hacking.

Different types of attacks will earn the researchers a different number of points. For example, exploits that result in full router control will be awarded 5,000 points, while those that only cause a denial-of-service condition or low-value information leakage will get 1,000 points. There are also penalties for attacks that require human interaction, authenticated sessions or administrative credentials.

Researchers will prepare their exploits ahead of time and are required to report the vulnerabilities they find to the affected manufacturers ahead of the actual contest. This won't influence their chance of success during the competition because the attacked routers will run specific versions of firmware that have already been announced and won't be updated.

The second challenge, or Track 1, is a capture-the-flag contest where individuals or teams will compete to finish ten objective-based attack scenarios against known vulnerable routers.

The prizes have yet to be announced, but the contest, which is similar to the Pwn2Own hacking competition that targets browsers and mobile devices, is likely to at least bring router vulnerabilities and risks into the spotlight.

It's no secret that the security of routers, and embedded devices in general, has lagged behind that of computer OSes and software. For years researchers have found critical vulnerabilities in a large number of routers, ranging from basic programming errors and hardcoded credentials to more complex flaws in protocol implementations or the administration interface.

Historically the real-world attacks against such devices have been targeted in nature and limited in number, but that's starting to change.

There have been several large scale attacks against routers and embedded devices since the beginning of the year and their number seems to be growing, as attackers begin to understand the potential of compromising such devices.

In March researchers found hundreds of thousands of home routers that had been compromised and had their DNS settings hijacked by attackers. In Poland a similar attack was used to intercept and modify the online banking traffic of home users.

Also this year researchers found thousands of ASUS routers that were exposing the hard drives attached to them to the Internet, a worm infecting Linksys routers and attacks that installed cryptocurrency mining malware on network-attached storage systems.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags intrusiononline safetyNetworkingsecurityroutersExploits / vulnerabilitiesIndependent Security EvaluatorsElectronic Frontier Foundationnetworking hardware

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?