Fifteen new vulnerabilities reported during router hacking contest

Five popular router models were hacked during the SOHOpelessly Broken competition at DefCon 22

Routers appear to be as insecure as ever, after hackers successfully compromised five popular wireless models during a contest at the DefCon 22 security conference, reporting 15 new vulnerabilities to affected vendors.

The SOHOpelessly Broken contest pitted hackers against 10 router models from different manufacturers: Linksys EA6500, ASUS RT-AC66U, TRENDnet TEW-812DRU, Netgear Centria WNDR4700, Netgear WNR3500U/WNR3500L, TP-Link TL-WR1043ND, D-Link DIR-865L, Belkin N900 DB and the Open Wireless Router firmware developed by the Electronic Frontier Foundation (EFF).

There were three challenges. In one researchers had to demonstrate unpatched -- zero-day -- vulnerabilities in the preselected devices, and received points based on their criticality. The second challenge was a capture-the-flag-style game in which contestants had to hack into routers running known vulnerable firmware to extract sensitive information, and the third was a similar surprise challenge targeting a router from Asus and one from D-Link.

Four contestants participated in the zero-day vulnerability contest and demonstrated exploits for a total of 15 flaws. Eleven of the reported vulnerabilities were submitted by Craig Young, a researcher at security firm Tripwire.

Young is no newcomer to finding vulnerabilities in routers. In February he published research showing that 80 percent of the 25 best-selling SOHO wireless router models on Amazon had vulnerabilities.

Not all of the flaws reported during SOHOpelessly Broken were critical, and in some cases the contestants had to combine several of them to achieve a full compromise, said Stephen Bono, president of Independent Security Evaluators, the security firm that organized the competition together with the EFF.

A full compromise would entail successfully gaining access to execute privileged commands, essentially an attack that gives the hacker full control over the router.

Seven attacks resulted in full compromises and these were performed against the ASUS RT-AC66U, the Netgear Centria WNDR4700 (which suffered two separate hacks), the Belkin N900, the TRENDnet TEW-812DRU and a router made by Actiontec Electronics and provided by Verizon Communications to its subscribers.

The Actiontec router wasn't among those pre-selected for the competition and was brought in by one of the contestants.

"We made an exception and accepted the submission anyway," Bono said.

In another case, one contestant demonstrated a full compromise of his own D-Link DIR-865L router, but it turned out that the device was running a firmware version older than the one indicated by the organizers that wasn't vulnerable to the reported exploit.

One interesting aspect is that only four of the reported vulnerabilities were completely new. The other ones had been discovered and patched in the past in other router models from the same manufacturers, but the vendors did not fix them in the routers selected for this competition.

This type of patching inconsistency happens frequently in the router world, Bono said. Vendors often fix vulnerabilities only in the models for which those flaws were reported by researchers and fail to test if their other products are also vulnerable. In some cases vendors never fix the reported vulnerabilities at all, and sometimes they're not even able to because the flaws are actually in code supplied to them by chipset vendors, he said.

Bono doesn't think the routers that weren't hacked during the contest don't have any vulnerabilities. He believes the results are related to which models the four contestants had access to in advance so they could analyze them, rather than one router being more secure than another.

In general SOHO routers are not designed with security in mind because manufacturers operate on small profit margins and rush to get products to market as fast as possible rather than invest in secure development lifecycles and security audits, Bono said.

Since most routers are vulnerable regardless of who made them, there is little incentive for secure development. However, with large-scale attacks against routers becoming increasingly common and more people understanding the risks associated with router compromises, security can become a differentiator in this market, Bono said.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags securityNetworkingD-LinkLinksysroutersonline safetynetgearnetworking hardwarebelkinVerizon CommunicationsElectronic Frontier FoundationExploits / vulnerabilitiesAsustek ComputerIndependent Security EvaluatorsTRENDnetTp-link TechnologiesActiontec Electronics

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Brand Post

PC World Evaluation Team Review - MSI GT75 TITAN

"I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it."

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?