Strategy, Vulnerability management

SOHOpelessly contest at DefCon yields 15 router flaws

August 14, 2014

At the SOHOpelessly Broken contest organized by the Electronic Frontier Foundation (EFF) and Independent Security Evaluators and held during DefCon, hackers proved that routers still suffer from security issues by uncovering 15 new zero-day vulnerabilities.

Security researchers had a go at 10 routers from different  vendors in a series of three challenges, including a demonstration of vulnerabilities and two capture-the-flag matches where the hackers had to compromise vulnerable firmware to extract sensitive data. Four contestants found 15 flaws in five routers -- the Netgear Centria, the Belkin N900, WNDR4700 ASUS RT-AC66U, an Actiontec Electronics router distributed by Verizon Wireless, and the TRENDnet TEW-812DRU.

While not all of the vulnerabilities were critical, seven of the attacks yielded full compromises where attackers were able to gain control of the routers. TripWire's Craig Young racked up the most points, uncovering 11 of the vulnerabilities.

prestitial ad