Meetup Vulnerabilities: Escalation of Privilege and Redirection of Funds

Top-Selling WiFi DSL Modems Routing Hackers Your Way

WiFi DSL routers have become a staple part of all professional computing setups. Unfortunately, wireless communication also introduces numerous vulnerabilities. A massive backdoor was found in popular NetGear, Linksys/Cisco and SerComm WiFi DSL modems back in December 2013. Security patches released by the companies have not solved the problem.

More than 20 popular models sold worldwide have been found to possess the vulnerability. Once remotely in control of the router via a compromised port, the hacker can gain “root shell” access and send malicious commands to the device.

Thousands of customers were expecting to mitigate the problem with the patch, but the desired result was not achieved. Owners of the vulnerable routers will have to adopt a pro-active approach to safeguard their networks since the backdoor still exists.

Security expert Eloi Vanderbeken, who exposed the original backdoor last year, did the follow-up research that revealed the ineffectiveness of the security patch. He is claiming this was a deliberate “feature” added by the manufacturers and that the security patch was not released to eliminate the backdoor, but just mask it to curb the customer backlash.

Vanderbeken has demonstrated how the problematic backdoor binary “scrgmgr” is still alive and kicking in his latest POC. Despite minor masking additions made to the code, it’s still possible to activate IPC sockets and receive packets to re-activate the backdoor. The router can then be pinged and manipulated as per the hacker’s requirements.

List of vulnerable WiFi DSL Routers

CISOs and Security Officials must implement the following steps to safeguard their networks:

  1. Change the username and password as soon as possible.
    This should preferably be done during the initial installation of the wireless DSL router as the default settings are very predictable and can give any hacker full access to your work network.
  2. Encryption. Encryption. Encryption.
    Information Security depends on safe end-to-end transfer of data. The best way to make sure this is happening is to encrypt all data communications on the network. WPA2 encryption should be enabled with a strong password.
  3. Don’t ignore the SSID.
    All wireless routers have a default SSID name, which usually includes the manufacturer identity. This can be a great head-start for any hacker looking to exploit your network. Customize your SSID for added safety.
  4. Keep all your routers updated.
    As mentioned earlier, not all security patches are perfect. But it’s extremely important to regularly update the firmware in all routers and hardware, an often-neglected aspect in workplaces.
  5. Make sure all remote access features are disabled.
    Today’s WiFi routers are versatile devices that allow administrators to perform their chores even with remote access. But this functionality must be disabled to promote safety and keep the hackers at bay.

Router manufacturers should also have security in mind while developing their software, something that can minimize the need for post-production damage control and security patches. This can be achieved by promoting secure Software Development Life-Cycles (sSDLC) environment and integrating security testing into the loop as early as possible.

Source Code Analysis (SCA) is a great way to achieve these goals. Vulnerabilities are eliminated early, with the automated testing saving resources and cutting production times. SCA can ALSO serve as an effective QA tool for complex and complicated coded scripts, fully integrated with testing tools and software.

Source 1 | Source 2

Jump to Category