Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Thursday, July 29 • 10:00am - 11:00am
How to Hack Millions of Routers

Sign up or log in to save this to your schedule and see who's attending!

This talk will demonstrate how many consumer routers can be exploited via DNS rebinding to gain interactive access to the router's internal-facing administrative interface. Unlike other DNS rebinding techniques, this attack does not require prior knowledge of the target router or the router's configuration settings such as make, model, internal IP address, host name, etc, and does not rely on any anti-DNS pinning techniques, thus circumventing existing DNS rebinding protections.

 

A tool release will accompany the presentation that completely automates the described attack and allows an external attacker to browse the Web-based interface of a victim's router in real time, just as if the attacker were sitting on the victim's LAN. This can be used to exploit vulnerabilities in the router, or to simply log in with the router's default credentials. A live demonstration will show how to pop a remote root shell on Verizon FIOS routers (ActionTec MI424-WR).

 

Confirmed affected routers include models manufactured by Linksys, Belkin, ActionTec, Thompson, Asus and Dell, as well as those running third-party firmware such as OpenWRT, DD-WRT and PFSense.


Thursday July 29, 2010 10:00am - 11:00am
Day 2 - Client Side

Attendees (83)