“ISE discovered and identified NEW critical security vulnerabilities in numerous small office/home office (SOHO) routers and wireless access points. Our research is directed at identifying the ubiquity and criticality of vulnerabilities in these devices. We initially evaluated 13 off-the-shelf routers, and demonstrated that 11 of 13 were exploitable by a remote adversary—and that all 13 were exploitable by a local adversary on the (W)LAN and Guest (W)LAN. The critical vulnerabilities that persist in this class of devices expose an urgent need for deeper security scrutiny.
Our attacks demonstrate varying levels of criticality from unauthenticated router take over, to authenticated takeover that requires minimal participation from users. We will demonstrate a great magnitude of root vulnerabilities ISE discovered during the analysis of SOHO router network services and further breakdown the anatomy of exploitation. Attacks include Buffer Overflows, Cross-Site Request Forgery, Command Injection, Directory Traversal, Authentication Bypass, Backdoors and more!
The primary focus of this presentation will be full router compromise by an adversary and its implications, but we will also discuss the evolution of SOHO device functionality, and how the SOHO industry’s lack of attention to security has left millions of networks vulnerable to exploitation. Attendees should leave this presentation with increased awareness of SOHO router security and understand how to find and exploit various vulnerabilities found in SOHO network equipment.
DEMONSTRATION: We will demonstrate several root exploits and discuss the obstacles we had to overcome in order to achieve the glorious # shell!”
“Jacob Holcomb – OSCP, CEH: Residing in Baltimore, MD, Jacob works as a Security Analyst for Independent Security Evaluators. At ISE, Jacob works on projects that involve penetration testing, application security, network security, and exploit research and development. In addition to work related projects, python coding, and his favorite pastime of EIP hunting, Jacob loves to hack his way through the interwebz and has responsibly disclosed several 0-day vulnerabilities in commercial products. Blog: http://infosec42.blogspot.com LinkedIn: http://www.linkedin.com/in/infosec42 Twitter: @rootHak42″