Home Wi-Fi Routers Are Easily Hackable

HardOCP News

How secure is your router? If it is on this list, you might want to think about additional security measures.

ISE researchers have discovered critical security vulnerabilities in numerous small office/home office (SOHO) routers and wireless access points. We define a critical security vulnerability in a router as one that allows a remote attacker to take full control of the router's configuration settings, or one that allows a local attacker to bypass authentication and take control. This control allows an attacker to intercept and modify network traffic as it enters and leaves the network.
  • All 13 routers evaluated can be taken over from the local network.
      • 4 of these attacks require no active management session.
  • 11 of 13 routers evaluated can be taken over from the WAN.
      • 2 of these attacks require no active management session.
 
Authenticated attack basically is them knowing the default password, which is pretty common sense to change anyway. Since it's on the router itself.
 
4 of these attacks require no active management session.
2 of these attacks require no active management session.
????????????????
 
Glad Unify is not on that list. :D

What exactly are they doing though? I understand they may not want to share too many details but the article seems way too broad. Is it certain packets sent that can make it do things it was not supposed to or something?
 
Glad Unify is not on that list. :D

What exactly are they doing though? I understand they may not want to share too many details but the article seems way too broad. Is it certain packets sent that can make it do things it was not supposed to or something?

Wtf is Unify?
 
Am I missing something or is one of their 'attacks' actually using the correct login info and if the router accepted that it was a fail?
 
Don't see the DIR-655 on the list, but since there is another D-Link router on there, it's making me wonder......
 
From what I can tell, this article is stupid. Just like others have mentioned, the perp needs my login info. Which in my case is not the default login/password. I changed that minutes after setting it up.
 
This sounds a lot worse than it is... I mean it's bad if your router is set up in a dumb way, but not otherwise.

It's primarily cross-site scripting and cross-site request forgery type stuff using the HTTP interface. Neither of which are really issues if the router doesn't allow administration via the WAN port or guest/open networks. You aren't going to cross site script yourself and hopefully your family isn't going to hack your home's router. UPnP can be an issue internally if people are compromised.

This is I guess more of an issue for default configs and if you're using a SOHO router in a business setting where an employee or someone on a public wifi could get in and f with the router.



Interestingly... pretty much every time we did an internal security audit of a small-medium sized business we had domain admin within a couple days so usually people have more important things to worry about than their router internally. Printers have a ton of vulnerabilities too.
 
Am I missing something or is one of their 'attacks' actually using the correct login info and if the router accepted that it was a fail?

Which is why I went and ripped out all the USB ports on my routers. You can't hack my network if you can't plug in your keyboard. It makes sense if you don't think about it. :cool:
 
I see reading comprehension is still on the decline...

Authenticated attacks require that the attacker have access to credentials (or that default router credentials are used—an all-too-common situation) or that a victim is logged in with an active session at the time of the attack.
 
I see reading comprehension is still on the decline...

A number on the list still had unauthenticated attack vectors.

And, some of the authenticated attacks were simple CSRF attacks which should absolutely be fixed. OR even simpler csrf-type vulnerabilities like me knowing your router is 192.168.1.1 and sending you a link that goes to http://192.168.1.1/admin/delete_your_whole_face?lol or to a page with a button that does that and it deletes your entire face because you had an active router session in another tab.
 
Authenticated attack basically is them knowing the default password, which is pretty common sense to change anyway. Since it's on the router itself.
Hah yeah. I can't tell you how many Hotel Inns and motels in America have a default password for the administrative web-interface and can be accessed over wireless. :D
 
A number on the list still had unauthenticated attack vectors.

And, some of the authenticated attacks were simple CSRF attacks which should absolutely be fixed. OR even simpler csrf-type vulnerabilities like me knowing your router is 192.168.1.1 and sending you a link that goes to http://192.168.1.1/admin/delete_your_whole_face?lol or to a page with a button that does that and it deletes your entire face because you had an active router session in another tab.

This. People really underestimate just how vulnerable web apps are nowadays. Every developer I've worked with after pentesting their web apps was really confused as to why they need to properly validate their input. Their usual response is "Well who would want to input THAT into that field?" There is no excuse for crappy and insecure coding. It's kinda sad, although I can't complain much since I make a good amount of my living as a White Hat.
 
Interesting. I was looking at the WiFi networks in my new apartment complex and found one that was broadcasting: "OLDPEOPLESHOULDNOTUSETECHNOLOGY".
 
The 2Wire routers that AT&T uses are really bad too. In fact there was a Defcon presentation about it a couple years back.
 
how about if I use openwrt or ddwrt firmwares?

Good luck with that. DD-WRT...what a pure shit fest it is over there...

Follow the (your brand / model / chipset) wiki...no don't do that it will brick it...no it won't, yes, no, yes, no, yes, no...fuck that. I'll stick with stock and at least I won't brick my router because those people over there can't get their shit straight.

I mean I understand that it's complicated, but GODDAMN, if you have a router with a Broadcom chipset in it (like my Linksys E1500), don't bother.
 
If it is correct in what I saw on the Linksys page with proof of concept they have to do this:

In the following proof of concept attack, we assume that a WRT310v2 device administrator with an active management session established with the router has browsed to a malicious web page. Once there, an automatic form submission takes place to the Administrator's router, from the Administrator's browser. Since the Administrator has a current session established with the router, the form submissions are processed.

Here, the administrator password is changed to ISE_1337, and remote management is enabled on port 1337.

So if you don't go browsing on webpages that are designed to hack your router there is no worry :) .
How do I know which webpage on the WWW is designed to hack your router? Every link sent to you by email which you have no clue about but sounds like it is legit :) And yes that goes for links through any IM as well ;) . Those have been known to do the same thing even if it is a close friend sending you such a link.
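
The server-side check that would make a router's admin interface refuse the cross-site form submission and the emailed-link case discussed in this thread, as an added example that is not part of the thread or of the ISE write-up. The endpoint name, form field name, session layout and sample requests are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

ROUTER_HOST = "192.168.1.1"             # assumed LAN address of the admin UI
STATE_CHANGING = {"/admin/settings"}    # hypothetical endpoint that changes config

def new_session() -> dict:
    """Logged-in session carrying a random per-session CSRF token."""
    return {"user": "admin", "csrf": secrets.token_urlsafe(32)}

def same_origin(headers: dict) -> bool:
    """True only if Origin (Referer as fallback) names the router itself."""
    source = headers.get("Origin") or headers.get("Referer")
    return bool(source) and urlsplit(source).netloc.lower() == ROUTER_HOST

def check_request(method, path, headers, form, session):
    """Return (allowed, reason) for one request to the admin interface."""
    if session is None:
        return False, "not logged in"
    if path in STATE_CHANGING and method != "POST":
        # A bare link or <img> tag can only issue GET: never change state on GET.
        return False, "state change requires POST"
    if method in ("GET", "HEAD"):
        return True, "read-only"
    if not same_origin(headers):
        # An auto-submitted form on another site carries that site's Origin.
        return False, "cross-site origin"
    sent = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(sent, session["csrf"].encode()):
        # The session cookie alone is not proof the admin intended this request.
        return False, "bad CSRF token"
    return True, "ok"

# Constructed sample requests: the administrator has an active session throughout.
SESSION = new_session()
REQUESTS = [
    ("POST", "/admin/settings", {"Origin": "http://192.168.1.1"},
     {"password": "new", "csrf_token": SESSION["csrf"]}),   # admin's own form
    ("POST", "/admin/settings", {"Origin": "http://malicious.example"},
     {"password": "x", "remote_mgmt": "1"}),                # cross-site auto-submit
    ("GET", "/admin/settings", {}, {}),                     # link clicked in e-mail
    ("POST", "/admin/settings", {"Origin": "http://192.168.1.1"},
     {"password": "x", "csrf_token": "guess"}),             # same origin, no valid token
]

def run_demo():
    """Evaluate every constructed request against the active session."""
    return [check_request(m, p, h, f, SESSION) for m, p, h, f in REQUESTS]

if __name__ == "__main__":
    for result in run_demo():
        print(result)
```
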
 
My grandson set up my internet so that i just click on GrandpaClickHereForTheInternet in my wireless thing and I'm e-mailing people large Quicktimes of puppies doing silly things before you know it. He said since it's just me i don't have to worry about security.

He's really good with computers, he should really get a job with Belkin. That's the company that makes my internet.

p.s. where's a good site to get free pictures of old women with the silver carpet showing if you know what i mean? send me a reply on an internet if you can help. please, no funny stuff. only sites starting with http://192.168.1.2/admin?u=grampa&p=oldman1927 please.
 