Slashdot Mirror


Extraneous Network Services Leave Home Routers Unsecure

An anonymous reader writes "Today's home routers include a multitude of extra functionality, such as the ability to act as a file and print server. An article from CNET shows how an attacker can use vulnerabilities in these services, such as buffer overflows, directory traversal, race conditions, command injections, and bad permissions to take over the router from the local network without knowing the administrative password. Some of the worst vulnerabilities were in undocumented, proprietary services that users cannot disable and allowed an attacker to achieve a root shell. The researchers who discovered the vulnerabilities will be demonstrating them at the Wall of Sheep and Wireless Village at DEF CON."

6 of 63 comments

  1. slownewsday by djupedal · Score: 5, Interesting

    Is anyone as tired as I am over these security risks, especially from CNET? I remember when it was announced that someone could spy thru your window, video tape the lights on your modem and decode your communication. Another day, another risk that only happens in either a lab, workshop or a marketer's imagination. 99% are just to attract eyeballs for ad revenue...especially from CNET.

    1. Re:slownewsday by bill_mcgonigle · Score: 4, Insightful

      I suppose there must've been some new attacks demonstrated. If it was against OpenWRT and its siblings, then probably I'd like to hear about it. All the other proprietary firmwares are assumed to be vulnerable by everybody who cares. Heck, there are still millions of devices running UPnP on the WAN port out there and "nobody" cares.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  2. Simpler than that... by Anonymous Coward · Score: 5, Interesting

    LOADS of routers are pwned far more easily than that, from simple SQL injection (either via query string or crafting GET/POST requests), or there are sometimes bootloaders that give *full* access to the filesystem via TFTP (you can download all init scripts, for example), you can sometimes find undocumented manufacturer backdoor passwords which are hard-coded, and there are lots of misconfigured routers and you can often rely on trivial stuff like default passwords and whatnot. Even in 2013 there are lots of routers and similar equipment that are sold or configured in a state that isn't far from Swiss cheese...

    It's rather easy to poke at the firmware and find holes using binwalk and IDA Pro if you have basic RE knowledge.

  3. Requires physical access by DeathGrippe · Score: 4, Informative

    Attacker has to have access from the LAN side, and must install USB memory first.

  4. To be clear by Anonymous Coward · Score: 5, Interesting

    I looked at some of the source code, and the bash commands they execute, and it looks like you have to be on the local (class C) LAN in order to attack at least the Linksys beast (the 192.168.blah.blah sure looks like you can't get there from the WAN side), and if you have the services turned off, then you might be less vulnerable, and if you use hard, non-trivial, non-default passwords, that makes it harder too. I suppose it also helps if you have a router acting as a DNS server, after your WAN-facing gateway, and the local DNS box not acting as the main switch (so to sum up, Gateway-DNS-Switch), with everything after the gateway as a Class C LAN.

  5. and that's why by bobstreo · Score: 4, Insightful

    routers should route and probably run access control lists and other firewall stuff like expose some ports in your dmz.

    servers should serve.

    Servers route poorly, routers serve poorly.