15 New Vulnerabilities Reported During Router Hacking Contest

HardOCP News

Fifteen new vulnerabilities found during DefCon? Obviously the solution is to no longer have DefCon. :)

Routers appear to be as insecure as ever, after hackers successfully compromised five popular wireless models during a contest at the DefCon 22 security conference, reporting 15 new vulnerabilities to affected vendors.
 
A lot of the issues are hard coded and cannot be fixed with firmware, which is why the companies do minor updates and try to get people to buy them so they don't have to recall the routers...
 
You shouldn't be using a wireless router as a router. At best you should be using it as an access point behind a real router like ipcop, smoothwall or an appliance based device from Cisco etc.
 
DD-WRT? It doesn't always use the factory drivers/software. Wonder how these same routers would perform if re-flashed with it?
 
So are these vulnerabilities on the WAN interface or the LAN interface?
 

I'm using Open-WRT at home. DD-WRT or Open-WRT, it doesn't matter. It's better than having a router with manufacturer firmware. I had an Engenius router for a while and due to the lack of firmware updates the thing turned into a DOS attack machine for some other hacker. Bought a TP-LINK TL-WR1043ND V2 and threw Open-WRT on it.

ALWAYS BUY A ROUTER WITH DD or OPEN WRT WITH SUPPORT.
 
Is it any surprise that the list of consumer wireless routers has some sort of local vulnerability that is never patched? Their life cycle is pretty much throw away. Replacing the firmware with DD-WRT just turns a toy into a more advanced toy. OpenWRT too, is a toy until a company or individual decides to stack additional features on it and harden their distribution (think AirOS). Tomato is also laughable.

The only wireless APs I trust anymore are from Aruba, Meraki, Ubiquiti, Apple (yes, Apple -- they stay on top of those CVE postings), SonicWall and Cisco. Cisco last because it can be a pain to configure under certain circumstances.

The only off the shelf router/AP combo duty appliance I'd trust with wifi enabled would be a Mikrotik RouterBoard, but it has the same pitfalls as a Cisco.

I really hope that the Actiontec router isn't the standard deployment for FIOS. That'd be nasty :D
 

Or just build your own with Pfsense.
 
Context matters:

One interesting aspect is that only four of the reported vulnerabilities were completely new. The other ones had been discovered and patched in the past in other router models from the same manufacturers, but the vendors did not fix them in the routers selected for this competition.

So they selected routers they knew would have vulnerabilities and elsewhere they said that all routers were unpatched, meaning that for at least some of these models there may be newer firmware out there. Though it's also true that the average consumer isn't going to patch the router FW even if the vendor supplies a patch.

Still, the whole thing is a sensationalist tempest in a teapot.
 

FiOS absolutely uses that Actiontec router for deployment. You can basically get rid of it. I dropped my DHCP IP table and picked it up on my new router and kept my Actiontec connected only for use with On Demand and DVR sharing.

But most people don't even think about their routers they just assume they work so there is no helping them.
 
According to the contest page, it's the Actiontec Q1000 used for DSL installs:
http://sohopelesslybroken.com/contests/defcon22/results.php

Yeah, with FiOS they deploy the Actiontec MI424WR (currently at Rev. I) and they make it rather difficult to opt out of it (they require you to activate your service with it, and then want you to rent it from them).

I had an unusually agreeable tech during my recent install, and I was able to convince him to plug his router in during activation, and then disconnect it and let me plug in my pfSense before he left, taking that piece of garbage with him.

It has terrible wireless performance, poor routing (WAAAY too few states to do a gaming server refresh, especially if you have multiple people playing each other) and probably similar security issues as the DSL based Actiontec router.

My tech actually got a kick out of installing at my place, as I was doing everything differently (I refused the router and the cable boxes, and got a cable card for install into my Ceton InfiniTV 6 tuner instead)
 
Zarathustra[H];1041025504 said:
It has terrible wireless performance, poor routing

Largely been corrected in the current revision. The current rev I has none of the performance issues which plagued the rev A -> D devices, or at least that's what I found during my testing.

But back on topic...
 

When I first had FiOS (back in ~2009?) I got a rev D device (if I recall properly). It had all of these issues. The first thing I did to address problems was to go on eBay and purchase one of the older Westell FiOS routers, which helped a little, but the state table would still be swamped (just not as often) and wireless performance was still pretty bad.

After much whining to tech support I finally got them to replace it with a rev G Actiontec (I believe) which admittedly was much better, but still had all the aforementioned issues.

That's when I went out and bought a Netgear WNDR3700 router, (and a MOCA adapter to maintain set top box connectivity without having to double NAT through the FiOS router).

Again, much better, but problems didn't go away altogether. Then I tried flashing it with DD-WRT, which worked beautifully, but it kept overheating and resetting the router.

This is when I just said "fuck it" and installed VMWare ESXi on my previously bare metal NAS box and virtualized pfSense on it, and got a Unifi for Wireless AP. Everything has been beautiful ever since.

Then I moved, lost FiOS, and just recently moved back to an area with FiOS and got it reinstalled, this time with pfSense from the get go, and using MythTV, a Ceton InfiniTV6 tuner and a cable card instead of any set top boxes.

I am very happy (even though MythTV hasn't exactly proven to be the most stable software I've ever used) but it is still better than the alternative.
 
Is OpenWRT/dd-wrt any better? If so, I may take the time to put it on my routers. They're running the latest available TP-LINK firmware for its model.
 
Zarathustra[H];1041025744 said:
This is when I just said "fuck it" and installed VMWare ESXi on my previously bare metal NAS box and virtualized pfSense on it, and got a Unifi for Wireless AP. Everything has been beautiful ever since.

Yep that's because Ubiquiti AP > all consumer wireless routers lol.
 
Also, I may have missed it in the articles, but were the latest manufacturers' firmware updates applied before hacking commenced?
 
I had to wait to hear back from a friend who was there and he said it was a massive joke to hackers there since most of the routers apparently were using whatever firmware they came with. I asked him mostly because I use an AC-66 and I wanted to know what I had to do to limit access since the exploits were not listed. He told me that the exploits used were ones that were fixed with Version 3.0.0.4.374.979 2013/10/09 or Oct 9, 2013. To me it is bad it was there for a year, but it makes me lose a lot of respect for the guys running the event using patched hardware. True, people could be running old firmware, but funny nonetheless. He said no one actually got to find out what firmware was on the one from home, so that could have extra vulnerabilities added in to make the story juicier.
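The post above turns on one check: is the firmware running on a router at or past the build in which the vendor fixed the bugs? The following is an added example (not code from the thread or from any vendor) of doing that check correctly for dotted firmware strings like the 3.0.0.4.374.979 quoted above. The model key "RT-AC66U" and the small fixed-version table are assumptions constructed for the example; the only version value taken from the page is the one the poster quotes. The point it demonstrates is that plain string comparison gets these versions wrong, so each component has to be compared numerically.

```python
import re

# Constructed lookup of "first fixed" firmware builds per model. The single
# entry reuses the version the poster quotes for his AC-66; the model name
# RT-AC66U is an assumption for the example, not data from the thread.
FIXED_VERSIONS = {
    "RT-AC66U": "3.0.0.4.374.979",
}


def parse_version(text):
    """Turn a dotted firmware string into a tuple of ints.

    Numeric components compare as numbers, so 3.0.0.4.374.979 sorts below
    3.0.0.4.376.1123 and above 3.0.0.4.374.99. Comparing the raw strings
    would rank '...374.979' below '...374.99' because '7' < '9'.
    Trailing tags such as '_beta' are ignored; they carry no digits.
    """
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError("no numeric components in %r" % text)
    return tuple(int(p) for p in parts)


def is_patched(model, installed):
    """True/False if the model is in the table, None if we can't say."""
    fixed = FIXED_VERSIONS.get(model)
    if fixed is None:
        return None
    return parse_version(installed) >= parse_version(fixed)


def audit(inventory):
    """Classify a list of (model, installed_version) pairs.

    Returns a list of (model, version, status) where status is one of
    'patched', 'VULNERABLE' or 'unknown-model'. Unknown models are reported
    rather than silently treated as safe.
    """
    report = []
    for model, version in inventory:
        result = is_patched(model, version)
        if result is None:
            status = "unknown-model"
        elif result:
            status = "patched"
        else:
            status = "VULNERABLE"
        report.append((model, version, status))
    return report


if __name__ == "__main__":
    # Constructed sample inventory: an out-of-the-box unit, the fixed build,
    # a later build, and a model the table does not know about.
    sample = [
        ("RT-AC66U", "3.0.0.4.374.99"),
        ("RT-AC66U", "3.0.0.4.374.979"),
        ("RT-AC66U", "3.0.0.4.376.1123"),
        ("SOME-OTHER-MODEL", "1.0.2"),
    ]
    for model, version, status in audit(sample):
        print("%-18s %-18s %s" % (model, version, status))
```

The fixed-version table is the part a practitioner would maintain from vendor release notes; everything else is generic. The `unknown-model` outcome is deliberate: a router whose model the table does not cover should show up as something to investigate, not be counted as patched by default.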
 