The Wireless Elephant in the Living Room

Presented at ToorCon San Diego 18 (2016), Oct. 15, 2016, 3 p.m. (50 minutes)

Consumer routers and access points are a painful subject for the security community. Amateurs and professionals alike know or at least suspect that their home router is vulnerable in a variety of ways. Many of us simply accept this, crossing our fingers and hoping we won’t be the target of a sophisticated attack. When vulnerabilities are reported to vendors it’s often a game of whack-a-mole - while the issues get resolved, they’re frequently incomplete or insufficient mitigations. Even when a fix is properly applied, vendors will push new products every year with the same sort of vulnerabilities. So how vulnerable is the average consumer? We decided to explore this question by performing a semi-comprehensive analysis of popular consumer products in the space. Using a shallow, broad approach, we investigated what could be found in short order on several products from a variety of vendors and just how easy it would be to exploit from the internal network as well as the Internet. While the answer to this question may not be terribly surprising - it demonstrates the problem. Without accountability, consumers are put at risk time and time again while vendors fail to learn from their mistakes. This talk focuses on some of the worst issues found during the course of this analysis, which vendors held up better than others, and some simple steps that can be taken to protect yourself.

Presenters:

• Jon Barber
  Jon Barber is a security consultant out of NCC Group’s Seattle Office where he performs application and network penetration testing. Jon holds a BS in Computing Security from the Rochester Institute of Technology. In his free time, he helps organize social events at NCC Group, competes in CTFs, and brews tasty coffee.
• Joel St. John   as Joel St John
  Joel is a Seattle-based security consultant with NCC Group. He primarily focuses on web applications, embedded devices, and video game security/anti-cheat, and also leads research efforts for NCC within the Pacific Northwest. Joel holds BS degrees in Computer Science and Mathematics from the University of Alaska Fairbanks, with an emphasis on computer security and information assurance. When not consumed by technology, Joel enjoys hiking, board games, and good beer.

Similar Presentations:

• ToorCon San Diego 17 (2015) / The Consumerization of Home Insecurity
• 31C3 (2014) / The Invisible Committee Returns with "Fuck Off Google": Cybernetics, Anti-Terrorism, and the ongoing case against the Tarnac 10
• LocoMocoSec 2019 / Evolving beyond the vulnerability whack-a-mole game