DEFCON Router Hacking Contest Reveals 15 Major Vulnerabilities – EFF
Dan Geer, Chief Information Security Officer of CIA’s venture capital arm, didn’t mince words when he mentioned the security flaws in home routers during his keynote address at last month’s Black Hat conference in Las Vegas. But he also noted a small silver lining around the dark cloud of router security: people are starting to take the problem much more seriously. As he noted, the “SOHOpelessly Broken” DEFCON hacking contest, co-presented by Independent Security Evaluators and EFF, is drawing attention to security vulnerabilities in routers with the goal of helping to get them fixed.
The contest was a success and the results are alarming: participants documented 15 new 0-day vulnerabilities, including 7 full router takeovers. These attacks took place on Track 0 of the contest.
According to the rules of the contest, an entry wasn’t considered valid unless the contestant also showed proof of disclosure to the manufacturer. Here’s a full list of routers in which 0-days were reported in Track 0, along with our current understanding of the fix in progress:
- ASUS AC66U; reported, but no response from the manufacturer.
- Netgear WNDR4700; reported, but no response from the manufacturer.
- D-LINK 865L; reported, and manufacturer confirms it is working on a fix, currently in beta.
- Belkin N900; reported, and manufacturer acknowledged but was unclear on providing a fix.
- TRENDnet TEW-812DRU; reported, and manufacturer claims all reported 0-days are fixed.
- Actiontec Q1000; reported, and manufacturer acknowledged the report.
For details please see the full contest results.
It’s clear from the fact that the list spans many different manufacturers that the problem is not unique to any one company. It affects nearly all router makers, and a huge percentage of Internet users. And if these brand names are not familiar, that doesn’t mean you’re safe: the Actiontec Q1000, for example, is provided by Verizon Communications to its customers.