Presented at BSidesDC 2014, Oct. 18, 2014, 10 a.m. (480 minutes).
ISE researchers have discovered critical security vulnerabilities in numerous small office/home office (SOHO) routers and wireless access points. We define a critical security vulnerability in a router as one that allows a remote attacker to take full control of the router's configuration settings, or one that allows a local attacker to bypass authentication and take control. This control allows an attacker to intercept and modify network traffic as it enters and leaves the network.
• All 13 routers evaluated can be taken over from the local network.
    o 4 of these attacks require no active management session.
• 11 of 13 routers evaluated can be taken over from the WAN.
    o 2 of these attacks require no active management session.
ISE will be holding a no-holds-barred router hacking competition. There will be three (3) tracks that focus on exploiting vulnerabilities.
Track 0 is a pre-con contest. Contestants will need to demonstrate previously unidentified vulnerabilities in off-the-shelf consumer wireless routers. Contestants must provide relevant exploit information to the judges and provide proof of responsible disclosure.
Track 1 is a capture-the-flag-style contest where contestants will be pitted against 10 off-the-shelf SOHO routers, hardened, but with known vulnerabilities. Contestants must identify weaknesses and exploit the routers to gain control. Pop as many as you can to win.
Track 2 is a surprise contest that will take place at random times throughout the conference. A router will be selected at random and contestants will be given a specific objective. The first team to hit the objective wins.