Fifteen zero days found in hacker router comp romp
Four routers rooted in SOHOpelessly Broken challenge
Defcon 22 Researchers have unveiled 15 zero day vulnerabilities in four home and small business routers as part of the SOHOpelessly Broken hacker competition in DEF CON this week.
Four of the 10 routers offered for attack including the ASUS RT-AC66U; Netgear Centria WNDR4700; Belkin N900, and TRENDnet TEW-812DRU were fully compromised.
Those devices allowed attackers to execute privileged commands through holes found on updated firmware.
Blood was also splattered from an Actiontec Electronics router sold by Verizon, which was not on the original hit list but was nonetheless accepted by competition organisers.
The Linksys EA6500; Netgear WNR3500U/WNR3500L; TP-Link TL-WR1043ND; D-Link DIR-865L, and the Electronic Frontier Foundation's Open Wireless Router firmware were either untested or emerged unscathed.
Tripwire researcher and SOHO router fiend Craig Young reported 11 of the 15 flaws uncovered during the competition.
Some vendors had already patched the zero-day flaws but failed to do so on the specific models nominated for attack during the competition, a failure said to be common across small home or office router spruikers.
In January, backdoors were found across routers from manufacturers including Cisco, Netgear and Diamond.
And last year, competition organisers Independent Security Evaluators discovered flaws ranging from severe to benign in 13 popular routers from the likes of Linksys, NetGear and Belkin, 11 of which could be hijacked from a wide area network. All routers were updated at the time of the tests.®