'SOHOpelessly Broken' Exposes Common Router Flaws
As it turns out, just putting a password on your wireless network may not make it safe. Security researchers took eleven widely used small-office and home-office (SOHO) wireless routers and discovered easily exploitable flaws in four of them — and they did it just for fun.
At last week's DEF CON 22 security conference in Las Vegas, security researchers and expert hackers took part in the SOHOpelessly Broken competition to see how quickly and effectively they could compromise some of consumers' favorite routers.
The ASUS RT-AC66U, Belkin N900DB, D-Link DIR-865L, Linksys EA6500, Netgear Centria WNDR4700, Netgear WNR3500U, Netgear WNR3500L, TP-Link TL-WR1043ND and the TRENDnet TEW-812DRU were all present and accounted for.
Also tested were a combination modem/router made by Actiontec Electronics for Verizon's Internet service customers, and the Electronic Frontier Foundation's experimental Open Wireless Router firmware, which so far runs only on the Netgear WNDR3800.
Contestants first tried to find zero-day exploits, or security flaws that no one has previously discovered. Researchers came up with 15 in the space of less than an hour, 11 of which were found by a single researcher.
Next, the contest charged researchers with hacking into routers as quickly as they could using known vulnerabilities. Many routers fell prey to vulnerabilities that had already been patched in similar hardware. These vulnerabilities may have persisted because router manufacturers tend to fix only what's known to be broken, not what could be affected in sister products.
In the end, researchers were able to exploit the ASUS RT-AC66U, the Netgear WNDR4700, the Belkin N900DB and the TRENDnet TEW-812DRU completely. Other routers fared better, with their scoresheets ranging from minor intrusions to complete protection from common hacks.
Even if your router is one that the researchers hacked, you don't necessarily have to worry. These hacks were the result of some of the top security experts in the world putting their heads together for a very specific purpose. There's no evidence that malefactors have tried the same exploits in the wild.
Many of the hacks were also roundabout and required a lot of moving pieces to work properly. This is fun for security researchers, but less so for malicious hackers, who would usually rather take the path of least resistance to your data.
The best thing you can do for your router is to keep its firmware updated, or use the EFF's experimental firmware if you happen to have a Netgear WNDR3800. Be careful about public Wi-Fi networks, too; a hacker is much more likely to target one of those than your personal network.
- 7 Scariest Security Threats Headed Your Way
- Identity Theft Victim? Here's 6 Things You Need to Do
- 10 Facebook Privacy and Security Settings to Lock Down