SO Hopelessly Broken: the implications of pervasive vulnerabilities in SOHO router products.
Speaker(s): Jacob Holcomb
Description: “ISE discovered and identified NEW critical security
vulnerabilities in numerous small office/home office (SOHO) routers and
wireless access points. Our research is directed at identifying the
ubiquity and criticality of vulnerabilities in these devices. We
initially evaluated 13 off-the-shelf routers, and demonstrated that 11
of 13 were exploitable by a remote adversary—and that all 13 were
exploitable by a local adversary on the (W)LAN and Guest (W)LAN. The
critical vulnerabilities that persist in this class of devices expose an
urgent need for deeper security scrutiny.
Our attacks demonstrate varying levels of criticality from
unauthenticated router takeover to authenticated takeover that
requires minimal participation from users. We will demonstrate a great
magnitude of root vulnerabilities ISE discovered during the analysis of
SOHO router network services and further break down the anatomy of
exploitation. Attacks include Buffer Overflows, Cross-Site Request
Forgery, Command Injection, Directory Traversal, Authentication Bypass,
Backdoors and more!
The primary focus of this presentation will be full router compromise
by an adversary and its implications, but we will also discuss the
evolution of SOHO device functionality, and how the SOHO industry’s lack
of attention to security has left millions of networks vulnerable to
exploitation. Attendees should leave this presentation with increased
awareness of SOHO router security and understand how to find and exploit
various vulnerabilities found in SOHO network equipment.
We will demonstrate several root exploits and discuss the obstacles we
had to overcome in order to achieve the glorious # shell!”
Bio: “Jacob Holcomb – OSCP, CEH: Residing in Baltimore, MD, Jacob
works as a Security Analyst for Independent Security Evaluators. At
ISE, Jacob works on projects that involve penetration testing,
application security, network security, and exploit research and
development. In addition to work-related projects, Python coding, and
his favorite pastime of EIP hunting, Jacob loves to hack his way through
the interwebz and has responsibly disclosed several 0-day
vulnerabilities in commercial products.”
Derbycon 3.0 Schedule: http://www.derbycon.com/schedule/
NOTE: This talk will slightly differ from the talk I gave at DEFCON 21 Wall of Sheep and Wireless Village. In addition to the exploits I showcased at DEFCON, I will be demonstrating several new ones.