Router hacking competition announced for Defcon

Powered by SC Magazine
 

Compelling manufacturers to lift their game.

Well-known manufacturers of residential and SME wireless routers will have reason to feel nervous as hackers at the annual DefCon security conference aim to break into their products to find undocumented vulnerabilities or so-called zero days.

The sponsors behind the DefCon SOHOpelessly Broken competition, Independent Security Evalutators and digital rights lobby group Electronic Frontier Foundation, are confident the hackers will find vulnerabilities, as a number of router vendors have been accused of carelessness in security in the past.

study by ISE of 13 SOHO (small office/home office) routers found all to be vulnerable in one form or other. Of the routers in the study, 11 could be taken over remotely, and in two cases, no active management session was required.

ISE and EFF hope to create awareness of what they said is poor security across billions of SOHO devices around the world..

Despite abundant research and evidence that SOHO devices are highly vulnerable to malicious compromise, the vulnerable trends continue. From shotty code to blatant backdoors, the excitement never seems to end — though we'd like it to. Our hope is that this contest sheds light on the need for manufacturers to better secure these devices by shining a spotlight on them.

- SOHOpelessly Broken motivation statement.

Routers from Linksys, ASUS, TRENDnet, Netgear, TP-Link, D-Link and Belkin will be used for the competition, each with a specific firmware version. In addition, EFF's forthcoming Open Wireless Router could also be at the hackers' mercy.

A top score of 5000 points will be awarded for obtaining full control of the router, with a partial take-over rewarded with 4000 points. Points are deducted if the zero day is not a remote attack, requires human interaction, passwords or authenticated sessions among other things.

SOHOpelessly Broken adheres to a strict responsible disclosure policy, and affected vendors will be notified of vulnerabilities prior to these being demonstrated.

Copyright © iTnews.com.au . All rights reserved.


Router hacking competition announced for Defcon
 
 
 
Top Stories
First look: Microsoft Outlook for iOS
[Update] Office productivity suite for iOS completed with Outlook.
 
NewSat defaults on $26m in overdue Lockheed payments
Jabiru-1 satellite build hits further hurdles.
 
IBM denies plans to cut 112k jobs
But admits to further restructuring.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  36%
 
Your insurance company
  5%
 
A technology company (Google, Facebook et al)
  9%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  4%
 
A Federal Government agency (ATO, Centrelink etc)
  18%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  7%
TOTAL VOTES: 3104

Vote
Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
  27%
 
I DON'T support shutting the OAIC.
  73%
TOTAL VOTES: 990

Vote