Saturday, 13 August 2022

SOHOplessly Broken Competition Reveals 15 0-Day Flaws, Cracks Four Routers Wide Open


Before DEF CON 22 started we published an article that the EFF (Electronic Frontier Foundation) was going to host a very interesting competition called SOHOplessly Broken. This competition was to feature a large array of common SOHO (small office/home office) routers and put them to the security test. As you might imagine, the competition revealed that security is not the primary focus of this segment of the market. In all, a total of 15 zero-day vulnerabilities were uncovered during the competition in four common routers.

In all there were ten routers up on the table during the competition, and of those the Asus RT-AC66U, NETGEAR Centria WNDR7400, Belkin N900 and the TRENDnet TEW-812DRU were cracked wide open. These routers were broken while running the latest firmware, allowing an attacker to execute privileged commands on them remotely.

This is not the first time that this type of product has been compromised on this level. Earlier in the year flaws were found in a large range of products, including ones from Cisco. It was also found that a large number of SOHO routers were open to the Heartbleed bug, and although most manufacturers patched these fairly quickly, there are still some that either cannot be patched or simply haven’t been.

One of the biggest problems is that the update cycle for most SOHO and residential routers is, in some cases, worse than the update cycle for cell phones. It is not uncommon for a patch for a bug or vulnerability to be available while the manufacturer waits to push out an update until it has more to add to it. We would assume this is to cut down on the costs of developing and packaging new firmware updates.

Although this does not bode well for the current state of SOHO security, the hope is that the extra spotlight on these products will lead to better security in the long run. At the time of this writing, there is no word on when the affected products will receive updates to remove the holes found in them.


Last modified on Wednesday, 13 August 2014 06:39
