Router compromise, rogue remote control? Easy, says ISE

Apr 21, 2013 by Nancy Owano weblog
Belkin N900 router

(Phys.org) —Router hacking is joining the ranks of computer security headaches, where the wireless router becomes the key target for those seeking to trespass into someone else's network. The remote attacker can take full control of the router's settings or just bypass authentication and takes control. The attacker is free to modify traffic as it enters and leaves the network. Wrote Michael Mimoso in Threatpost, from Kasperksy Lab, "Hackers love to attack Java. Why? Well, not only because it is full of holes, but because it's everywhere, embedded on endpoints, Web browsers, mobile devices and more. The same goes for attacking wireless routers; they're buggy and they're everywhere."

Earlier this week, that turned out to be more than a quip as, beyond Kasperksy Lab, other researchers exposed critical security vulnerabilities in small office and home office (SOHO) and wireless access points. The research was from Baltimore, Maryland-based Independent Security Evaluators. Their key findings: All of the 13 routers they looked at can be taken over from the (four never requiring an active management session) and 11 of the 13 can be taken over from the WAN (two never requiring an session).

Actually, there is a another important takeaway from their research: The hacking vulnerabilities they examined do not take a pile of expertise. "Our research indicates that a moderately skilled adversary with LAN or WLAN access can exploit all thirteen routers," they said. But while attackers may not need esoteric skills to break into routers, the ISE experts said the average end user can do little to fully mitigate such attacks."Successful mitigation often requires a level of sophistication and skill beyond that of the average user (and beyond that of the most likely victims)."

ISE's team said the vendors of these networking devices should be in the front of the line for mitigation actions. Actions they can take include preparing firmware upgrades that address the issues, instructing their registered users how to upgrade device firmware; be timely in the issue and customer notification of patches; and design a method for automatic firmware updates with the opportunity for users to opt out; and perform regular security audits to ensure devices are as hardened as possible.

ISE has also announced its future plans toward focusing on SOHO routers. All signs are that they will stay on the case. "Six months after releasing the advisories for the 13 routers, ISE will upgrade the firmware on all 13 routers and perform a reassessment to determine what—if any—impact deeper scrutiny from the security community has brought to the SOHO router industry." According to ISE, its next study may include more than the 13 routers seen so far.

This research was conducted by Jacob Holcomb and directed by Stephen Bono and Sam Small. Jacob Thompson, Kedy Liu, Jad Khalil, and Vincent Faires also contributed.

Explore further: DOCOMO and Huawei confirm LTE network over unlicensed spectrum

More information: securityevaluators.com/content… oho_router_hacks.jsp

Related Stories

Netgear Launches A New Family Of Wireless-N Routers

Sep 29, 2008

Netgear today has announced a new family of Wireless-N networking solutions that will make it easy for anyone to upgrade their wireless home network to Wireless-N technology. This new technology supports the ...

US-CERT says Wi-Fi hole open to brute force attack

Dec 29, 2011

(PhysOrg.com) -- The US Computer Emergency Readiness Team (US-CERT) has issued a warning about a security hole in the Wi-Fi Protected Set-up protocol for Wi-Fi routers. Security researcher Stefan Viehbock ...

China's Huawei responds to US hackers

Aug 01, 2012

Chinese communications giant Huawei Technologies on Wednesday responded to US hackers' claims that its routers were easily cracked, saying its security strategies were rigorous.

Netgear Routers to Add QoS for Home Video Streaming

May 08, 2007

In June, Netgear plans to add quality-of-service (QoS) enhancements to its top-of-the-line RangeMAX 802.11n routers to improve the quality of home video, a source close to the company said.

Recommended for you

Bringing emergency communications together

5 hours ago

A new University of Adelaide research project aims to improve emergency operations through integrated communications systems for police and the emergency services.

For top broadband policy, look no further than Canada

Aug 20, 2014

You might have seen communications minister Malcolm Turnbull raising the issue about Australian press not discussing policy problems and solutions from overseas, in a speech delivered at the Lowy Institute Media Awards last week: ...

Cities, states face off on municipal broadband

Aug 19, 2014

Wilson, N.C., determined nearly a decade ago that high-speed Internet access would be essential to the community's social and economic health in the 21st century, just as electricity, water and sewers were in the previous ...

New loss mechanism for global 4G roaming

Aug 19, 2014

A loss mechanism that has not been an issue in previous mobile handset antennas will become important for global 4G roaming, according to results of experiments carried out in Aalborg, Denmark.

User comments : 2

Adjust slider to filter visible comments by rank

Display comments: newest first

VendicarE
1 / 5 (1) Apr 22, 2013

"ISE's team said the vendors of these networking devices should be in the front of the line for mitigation actions." - Article

Nonsense. Doing so would cost the capitalists money.

Remember. The purpose of Capitalists is to provide the worst possible product at the highest possible price.
alfie_null
not rated yet Apr 22, 2013
From the link, five of the routers are not (yet) mentioned by name.

I'd be very interested to also see evaluations of open source router firmware (dd-wrt, etc.).

Likely, a number of vulnerable routers in widespread use are older models manufacturers no longer wish to support. Flashing something like dd-wrt (if supported on the hardware) might be an option for the owner.