Fifteen new vulnerabilities reported during router hacking contest

Five popular router models were hacked during the SOHOpelessly Broken competition at DefCon 22

Routers appear to be as insecure as ever, after hackers successfully compromised five popular wireless models during a contest at the DefCon 22 security conference, reporting 15 new vulnerabilities to affected vendors.

The SOHOpelessly Broken contest pitted hackers against 10 router models from different manufacturers: Linksys EA6500, ASUS RT-AC66U, TRENDnet TEW-812DRU, Netgear Centria WNDR4700, Netgear WNR3500U/WNR3500L, TP-Link TL-WR1043ND, D-Link DIR-865L, Belkin N900 DB and the Open Wireless Router firmware developed by the Electronic Frontier Foundation (EFF).

There were three challenges. In one researchers had to demonstrate unpatched -- zero-day -- vulnerabilities in the preselected devices, and received points based on their criticality. The second challenge was a capture-the-flag-style game in which contestants had to hack into routers running known vulnerable firmware to extract sensitive information, and the third was a similar surprise challenge targeting a router from Asus and one from D-Link.

Four contestants participated in the zero-day vulnerability contest and demonstrated exploits for a total of 15 flaws. Eleven of the reported vulnerabilities were submitted by Craig Young, a researcher at security firm Tripwire.

Young is no newcomer to finding vulnerabilities in routers. In February he published research showing that 80 percent of the 25 best-selling SOHO wireless router models on Amazon had vulnerabilities.

Not all of the flaws reported during SOHOpelessly Broken were critical, and in some cases the contestants had to combine several of them to achieve a full compromise, said Stephen Bono, president of Independent Security Evaluators, the security firm that organized the competition together with the EFF.

A full compromise would entail successfully gaining access to execute privileged commands, essentially an attack that gives the hacker full control over the router.

Seven attacks resulted in full compromises and these were performed against the ASUS RT-AC66U, the Netgear Centria WNDR4700 (which suffered two separate hacks), the Belkin N900, the TRENDnet TEW-812DRU and a router made by Actiontec Electronics and provided by Verizon Communications to its subscribers.

The Actiontec router wasn't among those pre-selected for the competition and was brought in by one of the contestants.

"We made an exception and accepted the submission anyway," Bono said.

In another case, one contestant demonstrated a full compromise of his own D-Link DIR-865L router, but it turned out that the device was running a firmware version older than the one indicated by the organizers that wasn't vulnerable to the reported exploit.

One interesting aspect is that only four of the reported vulnerabilities were completely new. The other ones had been discovered and patched in the past in other router models from the same manufacturers, but the vendors did not fix them in the routers selected for this competition.

This type of patching inconsistency happens frequently in the router world, Bono said. Vendors often fix vulnerabilities only in the models for which those flaws were reported by researchers and fail to test if their other products are also vulnerable. In some cases vendors never fix the reported vulnerabilities at all, and sometimes they're not even able to because the flaws are actually in code supplied to them by chipset vendors, he said.

Bono doesn't think the routers that weren't hacked during the contest don't have any vulnerabilities. He believes the results are related to which models the four contestants had access to in advance so they could analyze them, rather than one router being more secure than another.

In general SOHO routers are not designed with security in mind because manufacturers operate on small profit margins and rush to get products to market as fast as possible rather than invest in secure development lifecycles and security audits, Bono said.

Since most routers are vulnerable regardless of who made them, there is little incentive for secure development. However, with large-scale attacks against routers becoming increasingly common and more people understanding the risks associated with router compromises, security can become a differentiator in this market, Bono said.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags LinksysActiontec ElectronicsTp-link Technologiesonline safetyNetworkingTRENDnetroutersbelkinExploits / vulnerabilitiesAsustek ComputerElectronic Frontier Foundationnetworking hardwaresecuritynetgearD-LinkIndependent Security EvaluatorsVerizon Communications

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?