EFF intros wireless router software to boost industry standard

Researchers have observed attackers using DNS redirection attacks due to bugs in home routers.
EFF is calling all hackers to help the organization "test, develop, improve, and harden" the Open Wireless Router.

This weekend, the Electronic Frontier Foundation (EFF) introduced a “hacker alpha release” of Open Wireless Router – software meant to address the security shortcomings of existing Wi-Fi routers.

On Sunday, the digital rights group launched its software at the HOPE X hackers conference in New York, and also made a call to all hackers to do what they do best – help the organization “test, develop, improve, and harden” the Open Wireless Router, which will run on Netgear WNDR3800 hardware.

In its announcement online, EFF also said that the software would be based on the CeroWRT project, and that developers with a WNDR3800 router could now preview the firmware.

The goal of the project is to allow small businesses and home users to easily allow guests to access their open networks, without sacrificing user security (from exposed WPA2 network passwords). EFF also seeks to allow users to “share a bounded portion of [their] bandwidth on the open network, so guest users cannot slow down your internet connection or use a large portion of your monthly quota,” the group's website said.

Open Wireless Router will also include automatic updates, which will make use of Tor to thwart attacks targeting such processes. Of its mission, EFF also said that it hopes to change the fact that "most or all existing router software is full of XSS and CSRF vulnerabilities."

In August, the software is expected to undergo its fair share of testing at the DefCon hacking conference, since it will be one of nine routers hacked in the SOHOpelessly Broken contest, which aims to uncover previously unknown bugs in consumer wireless routers.

On Monday, Ranga Krishnan, a technology fellow at EFF, told SCMagazine.com in an email correspondence that the organization doesn't currently have the resources to support multiple platforms, but it encourages the hacker community to adapt the software for other hardware models.

“Our goal is to provide a good example that hackers and the industry can adopt into other platforms and products,” Krishnan said. “We are exploring a more modern hardware platform that can be the basis of a consumer-focused release down the road. However, for now, we will only be supporting [Netgear] WNDR3800 as the platform that hackers can use to help us improve the software,” he continued.

The software will support EAP-TLS encryption, allowing certificate-based authentication which “provides each guest a secure encrypted Wi-Fi connection equivalent to WPA2 encryption,” Krishnan explained, without controlling guest access through the widely published, or insecure, WPA2 password. He later added that OWR will isolate guest Wi-Fi traffic via a firewall, so guest users are not able to access the business's private network or services.

In a Monday interview with SCMagazine.com, Craig Young, a security researcher with Tripwire's vulnerability and exposures research team (VERT), said that EFF's work in Wi-Fi router security was “very exciting,” and that the group was “going about this in the right way,” by engaging the hacker community to lend a hand.

“For those of us who have been doing this awhile, it gets very frustrating to continuously report the same [wireless router] vulnerabilities [to vendors] model after model, and see new products that are being made with the same mistakes that are in older versions,” Young said. “My hope is that the vendors might actually take a look at the project and start pulling some of [the OWR] code into their products,” he said.
