Defcon 22 Researchers have unveiled
15 zero day vulnerabilities in four home and small business routers as
part of the SOHOpelessly Broken hacker competition in DEF CON this week.
Four of the 10 routers offered for attack including the ASUS RT-AC66U; Netgear Centria WNDR4700; Belkin N900, and TRENDnet TEW-812DRU were fully compromised.
Those devices allowed attackers to execute privileged commands through holes found on updated firmware.
Blood
was also splattered from an Actiontec Electronics router sold by
Verizon, which was not on the original hit list but was nonetheless
accepted by competition organisers.
The Linksys EA6500; Netgear
WNR3500U/WNR3500L; TP-Link TL-WR1043ND; D-Link DIR-865L, and the
Electronic Frontier Foundation's Open Wireless Router firmware were
either untested or emerged unscathed.
Tripwire researcher and SOHO router fiend Craig Young reported 11 of the 15 flaws uncovered during the competition.
Some
vendors had already patched the zero-day flaws but failed to do so on
the specific models nominated for attack during the competition, a
failure said to be common across small home or office router spruikers.
In January, backdoors were found across routers from manufacturers including Cisco, Netgear and Diamond.
And last year, competition organisers Independent Security Evaluators discovered flaws
ranging from severe to benign in 13 popular routers from the likes of
Linksys, NetGear and Belkin, 11 of which could be hijacked from a wide
area network. All routers were updated at the time of the tests.
No comments:
Post a Comment