How secure is your wireless router? The Def Con 22 hacker conference aims to find out exactly how resilient off-the-shelf products are next month during a six-day hackathon.
Seasoned hackers and security experts are being invited to break a number of wireless routers made by the likes of Linksys, Netgear and D-Link, with the intention of shaming manufacturers into making better kit.
The competition will focus on looking for previously unknown vulnerabilities in eight household name routers. The Electronic Frontier Foundation will also be supplying a version of its work-in-progress Open Wireless Router for hackers to tinker with.
The devices to be put through the wringer throughout the conference are:
- Linksys EA6500 [Ver.1.1.40 (build 160989)]
- ASUS RT-AC66U (HW Ver. A2) [Version 220.127.116.11.374.5517]
- TRENDnet TEW-812DRU (H/W: v1.0R) [Version 18.104.22.168]
- Netgear Centria WNDR4700 [Version V22.214.171.124]
- Netgear WNR3500U / WNR3500L [Version V126.96.36.199_35.0.55]
- TP-Link TL-WR1043ND (Ver. 1.10) [Version V1_140319]
- D-Link DIR-865L (HW Ver. A1) [Version 1.05]
- Belkin N900 DB (Model: F9K1104v1) [Version 1.00.23]
- EFF Open Wireless Router
Points are awarded if hackers are able to take full or partial control of a device, brick a router or retrieve sensitive information like admin passwords. Points are deducted if attacks are only partially successful, require admin access or require the attacker to be in close proximity to a router.
In many cases, router exploits can be combated by changing the default admin and WiFi passwords, as the points scoring system of Defcon 22 suggests.
But the vulnerabilities of routers like the EE BrightBox and the Virgin Media SuperHub have demonstrated the need for ISPs and manufacturers to keep on top of the game when it comes to protecting their customers.
It’s not just routers that can provide an entry point into people’s homes – last week, security researcher Dan Petro suggested that Google’s humble Chromecast could provide hackers with access to people’s home networks.
Petro discovered the weakness when working on his humorous Rickmote device – a Raspberry Pi-based remote that basically Rickrolls people’s TVs. Despite the probability of such a hack actually working, it doesn’t look like Google will be able to release a security fix anytime soon.
It’s not the only area where the search giant has been caught out being a little lax in the whole security department of late.
Defcon 22 will run from August 7-12. As well as looking for unknown problems with the hardware, a second ‘capture the flag’ type contest will take place, with hackers competing to see who can break hardware using known vulnerabilities the fastest – the 10th Dan black belt hacker equivalent of the 100m sprint.