Router compromise, rogue remote control? Easy, says ISE

Apr 21, 2013 by Nancy Owano weblog
Belkin N900 router

(Phys.org) —Router hacking is joining the ranks of computer security headaches, where the wireless router becomes the key target for those seeking to trespass into someone else's network. The remote attacker can take full control of the router's settings or just bypass authentication and take control. The attacker is then free to modify traffic as it enters and leaves the network. Wrote Michael Mimoso in Threatpost, from Kaspersky Lab, "Hackers love to attack Java. Why? Well, not only because it is full of holes, but because it's everywhere, embedded on endpoints, Web browsers, mobile devices and more. The same goes for attacking wireless routers; they're buggy and they're everywhere."

Earlier this week, that turned out to be more than a quip as, beyond Kaspersky Lab, other researchers exposed critical security vulnerabilities in small office and home office (SOHO) and wireless access points. The research was from Baltimore, Maryland-based Independent Security Evaluators. Their key findings: All of the 13 routers they looked at can be taken over from the local network (four never requiring an active management session) and 11 of the 13 can be taken over from the WAN (two never requiring an active management session).

Actually, there is another important takeaway from their research: The hacking vulnerabilities they examined do not take a pile of expertise. "Our research indicates that a moderately skilled adversary with LAN or WLAN access can exploit all thirteen routers," they said. But while attackers may not need esoteric skills to break into routers, the ISE experts said the average end user can do little to fully mitigate such attacks. "Successful mitigation often requires a level of sophistication and skill beyond that of the average user (and beyond that of the most likely victims)."

ISE's team said the vendors of these networking devices should be in the front of the line for mitigation actions. Actions they can take include preparing firmware upgrades that address the issues; instructing their registered users how to upgrade device firmware; being timely in the issue and customer notification of patches; designing a method for automatic firmware updates with the opportunity for users to opt out; and performing regular security audits to ensure devices are as hardened as possible.

ISE has also announced its future plans toward focusing on SOHO routers. All signs are that they will stay on the case. "Six months after releasing the advisories for the 13 routers, ISE will upgrade the firmware on all 13 routers and perform a reassessment to determine what—if any—impact deeper scrutiny from the security community has brought to the SOHO router industry." According to ISE, its next study may include more than the 13 routers seen so far.

This research was conducted by Jacob Holcomb and directed by Stephen Bono and Sam Small. Jacob Thompson, Kedy Liu, Jad Khalil, and Vincent Faires also contributed.

More information: securityevaluators.com/content… oho_router_hacks.jsp

User comments : 2

VendicarE
1 / 5 (1) Apr 22, 2013

"ISE's team said the vendors of these networking devices should be in the front of the line for mitigation actions." - Article

Nonsense. Doing so would cost the capitalists money.

Remember. The purpose of Capitalists is to provide the worst possible product at the highest possible price.

alfie_null
not rated yet Apr 22, 2013

From the link, five of the routers are not (yet) mentioned by name.

I'd be very interested to also see evaluations of open source router firmware (dd-wrt, etc.).

Likely, a number of vulnerable routers in widespread use are older models manufacturers no longer wish to support. Flashing something like dd-wrt (if supported on the hardware) might be an option for the owner.