Home router security to be tested in upcoming hacking contest

Researchers will compete to exploit previously unknown vulnerabilities in popular home routers

Researchers are gearing up to hack an array of different home routers during a contest next month at the Defcon 22 security conference.

The contest is called SOHOpelessly Broken -- a nod to the small office/home office space targeted by the products -- and follows a growing number of large scale attacks this year against routers and other home embedded systems.

The competition is organized by security consultancy firm Independent Security Evaluators and advocacy group the Electronic Frontier Foundation (EFF), and will have two separate challenges.

The first challenge, known as Track 0, will require researchers to demonstrate exploits for previously unknown, or zero-day, vulnerabilities in a number of popular off-the-shelf consumer wireless routers.

The preselected target devices are: Linksys EA6500, ASUS RT-AC66U, TRENDnet TEW-812DRU, Netgear Centria WNDR4700, Netgear WNR3500U/WNR3500L, TP-Link TL-WR1043ND, D-Link DIR-865L and Belkin N900 DB. The EFF's upcoming Open Wireless Router firmware will also be up for hacking.

Different types of attacks will earn the researchers a different number of points. For example, exploits that result in full router control will be awarded 5,000 points, while those that only cause a denial-of-service condition or low-value information leakage will get 1,000 points. There are also penalties for attacks that require human interaction, authenticated sessions or administrative credentials.

Researchers will prepare their exploits ahead of time and are required to report the vulnerabilities they find to the affected manufacturers ahead of the actual contest. This won't influence their chance of success during the competition because the attacked routers will run specific versions of firmware that have already been announced and won't be updated.

The second challenge, or Track 1, is a capture-the-flag contest where individuals or teams will compete to finish ten objective-based attack scenarios against known vulnerable routers.

The prizes have yet to be announced, but the contest, which is similar to the Pwn2Own hacking competition that targets browsers and mobile devices, is likely to at least bring router vulnerabilities and risks into the spotlight.

It's no secret that the security of routers, and embedded devices in general, has lagged behind that of computer OSes and software. For years researchers have found critical vulnerabilities in a large number of routers, ranging from basic programming errors and hardcoded credentials to more complex flaws in protocol implementations or the administration interface.

Historically the real-world attacks against such devices have been targeted in nature and limited in number, but that's starting to change.

There have been several large scale attacks against routers and embedded devices since the beginning of the year and their number seems to be growing, as attackers begin to understand the potential of compromising such devices.

In March researchers found hundreds of thousands of home routers that had been compromised and had their DNS settings hijacked by attackers. In Poland a similar attack was used to intercept and modify the online banking traffic of home users.

Also this year researchers found thousands of ASUS routers that were exposing the hard drives attached to them to the Internet, a worm infecting Linksys routers and attacks that installed cryptocurrency mining malware on network-attached storage systems.

Join the Good Gear Guide newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags intrusiononline safetyNetworkingsecurityroutersExploits / vulnerabilitiesIndependent Security EvaluatorsElectronic Frontier Foundationnetworking hardware

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?