Monday, July 8, 2013

[DEFCON 21] Come see my talk at the Wireless Village or Wall of Sheep!

SO HOpelessly Broken: The Implications of Pervasive Vulnerabilities in SOHO router products

SOHO networking devices are used in millions of homes and small businesses around the world for network access; these devices are purchased and installed by consumers with the expectation that their network and digital assets will be protected from attackers.

ISE discovered and identified critical security vulnerabilities in numerous small office/home office (SOHO) routers and wireless access points. Our research is directed at identifying the ubiquity and criticality of vulnerabilities in these devices. We initially evaluated 13 off-the-shelf routers, and demonstrated that 11 of 13 were exploitable by a remote adversary and that all 13 were exploitable by a local adversary on the (W)LAN and Guest (W)LAN. The *critical* vulnerabilities that persist in this class of devices expose an urgent need for deeper security scrutiny.

Our attacks demonstrate varying levels of criticality from unauthenticated router take over, to authenticated takeover that requires minimal participation from users. We will demonstrate a great magnitude of root vulnerabilities ISE discovered during the analysis of SOHO router network services and further breakdown the anatomy of exploitation. Attacks include Buffer Overflows, Cross-Site Request Forgery, Command Injection, DirectoryTraversal, Authentication Bypass, Backdoors and more!

The primary focus of this presentation will be full router compromise by an adversary and its implications, but we will also discuss the evolution of SOHO device functionality, and how the SOHO industry's lack of attention to security has left millions of networks vulnerable to exploitation. Attendees should leave this presentation with increased awareness of SOHO router security and understand how to find and exploit various vulnerabilities found in SOHO network equipment.

Jacob Holcomb (@rootHak42) OSCP, CEH: Residing in Baltimore, MD, Jacob works as a Security Analyst for Independent Security Evaluators. At ISE, Jacob works on projects that involve penetration testing, application security, network security, and exploit research and development. In addition to work related projects, python coding, and his favorite pastime of EIP hunting, Jacob loves to hack his way through the interwebz and has responsibly disclosed several 0-day vulnerabilities in commercial products.

Wall of Sheep DEFCON21 Speaker Workshops:

DEFCON 21 Wireless Village Talks:

No comments:

Post a Comment