L33t haxxors compete to p0wn popular home routers

Gird your loins router-makers: a throng of hackers are set to pry apart your woefully insecure hardware in a competition to expose bad firmware and hard-coded credentials. The competition will take place at the DEF CON 22 conference and glories in the name "SOHOpelessly Broken". The event is the brainchild of the Electronic …

  1. Lionel Baden

    BT Routers

    Please don't try and pwn these. They keep on locking us out further and further and just making our lives a misery when we need to get into the guts of them.

    Or better yet, pwn it so badly I can demand a newer model :D

    1. big_D

      Re: BT Routers

      Locking you further and further out has nothing to do with how secure or insecure the router is to attack. ;-)

      1. asdf

        Re: BT Routers

        Except if the router is insecure then it becomes perhaps possible to get around them locking you down. I know getting root on my DSL router took a webui hack (granted on LAN and not WAN side) not allowed by my ISP but allowed me to tell what kind of QOS the router could run (a complete joke, as well as Linux kernel from 2005 or so) and that I needed my own home router (with DSL in transparent bridge mode) if I wanted a decent QOS setup.

  2. Ragarath

    Good competition!

    I think this is a great competition, it will help us know which manufacturers are taking the mickey.

    Several makes I avoid now by finding out myself you can't do simple things like change the admin username. Although I hope the exploits are not revealed until the manufacturers have had a chance to patch them.

  3. Anonymous Coward

    And before any troll complains that it's "pwn" not "p0wn", consider that the 0 is adjacent to the p on the keyboard, meaning it's just as feasible for someone to miss the o and land BETWEEN the p and the 0, hitting BOTH at the same time and producing "p0". I've been known to hit two keys at once with my fat fingers.

  4. Mark Allen

    Security changes with cost

    Good to see this exposure going on. Though I don't see the point in bricking or denial of service as this just makes the owner replace them with a new one. It is the hijacking that is sneaky. I had some TP-Link routers out with (home user) clients, all sub-£50 kit. At the start of the year they had DNS settings changed from the WAN side even though they were "secure" with no external ports open. Access to Facebook or Google would get redirects to ask them to "install a Flash update". Clever little hacker.

    In this case, TP-Link had new firmware out within a month for the current models. For the older models, they happily swapped them on their 3 year warranty. Surprisingly good service. (I don't work for TP-Link)

    @Ragarath: Don't avoid *manufacturers* if you can't change the Admin Username. This is often a model specific thing. Pay more, get more features. Those basic ADSL routers I mentioned above had fixed usernames, but only a tenner more up the range and the username can be edited.

    Worst are the ISPs who supply routers that are "password protected" to their clients and then refuse to let the client have access to the router. You have no way of checking if they have been hit or not!

    1. Anonymous Coward

      Re: Security changes with cost

      £100 Buffalo router running DD-WRT - admin user name cannot be edited. I'd say £100 should be adequate wedge for a home router, so screw Buffalo.

      When I have the time, it'll be getting flashed with OpenWRT (as Buffalo can't be arsed to release new firmware).

      1. Mark Allen

        Re: Security changes with cost

        "Screw Buffalo" for their lack of firmware updates. Agree with that.

        Funnily enough, while dealing with the TP-Link router replacements I found a client with an old-ish Buffalo router. Clearly had the same identical hardware and firmware as the TP-Links I was swapping out. Admin pages were identically laid out. All except for the colour and company name in the corner.

        They were so identical that the exact same DNS compromise was visible. Hacked from the WAN in the same way. Yet trying to locate updated Buffalo firmware was impossible. So that Buffalo router was upgraded with a large hammer and then replaced with a different brand.

        I get a feeling many of these big brands have low end routers all from the same basic cheap source. So basic that they can't even have a Tomato put on them. I then assume that the manufacturers don't like fixing them as it looks like "wasted" money to them. Yet the actions of TP-Link honouring that three year warranty has me buying more and more of them.

  5. Graham Marsden

    And bad advice...

    When I got my new Virgin Broadband/ WiFi router the guy from Virgin told me "Don't change the default password because if you forget it and something goes wrong we won't be able to help you fix it and you'll have to call out an engineer or get a replacement..."

    1. DryBones

      Re: And bad advice...

      Obviously that guy didn't read the manual.

    2. Mark Allen

      Re: And bad advice...

      Eh? Is that the Virgin Cable Router with the default password of "changeme"? Which then insists on being changed the first time you use the admin control panel?

      I always tell my clients to never trust the guy who installs the kit. I have heard some "interesting" advice from these people before.

  6. Frumious Bandersnatch

    open firmware

    I didn't follow any links, but I hope that they also include some OpenWRT, DDWRT and Tomato firmware in their challenges. Why should only the OEMs get some free security testing?

    1. asdf

      Re: open firmware

      Don't forget Gargoyle (probably enough like OpenWRT to not be strictly necessary) and CeroWRT (different enough worth testing) as well. Finally if the hackers want to be epic they should try breaking into pfSense, M0n0wall, or even a cut down install of OpenBSD routers/computers as well.

      1. asdf

        Re: open firmware

        Darn missed edit period. Actually Gargoyle probably should be tested as many vulnerabilities are in the Web UI (which can be a vulnerability if an attacker can get on the LAN side). and is different. Also Gargoyle IMHO is the best of the bunch, very noob friendly UI, as well as having easy to modify qos scripts for the nerds and having the only efficient working ACC I have seen (modifies download limit on the fly so bandwidth is maximized without QOS breaking down). The only real drawback is it is currently on the somewhat dated 3.3 kernel (so some wireless improvements and new equipment might not be supported) but stability and performance wise it's hard to beat.

  7. Anonymous South African Coward

    Smoothwall

    all the way!

  8. CaptainBanjax

    Draytek

    Never seem to get a mention as a pwnable router. Is that because they are pretty secure or nobody cares?

    I tend to use Draytek kit, simply because the site to site tunnel functionality 'just works'.
