Researchers are gearing up to hack top manufacturers of Home and SME wireless routers during a contest next month at the Defcon 22 security conference.The contest is called SOHOpelessly Broken.
The sponsors behind the DefCon SOHOpelessly Broken competition, Independent Security Evalutators and digital rights lobby group Electronic Frontier Foundation are confident the hackers will find vulnerabilities too, as a number of router vendors have been accused of carelessness in security terms in the past.
A study by ISE of 13 SOHO routers found all to be vulnerable in one form or other. Of the routers in the study, 11 could be taken over remotely, and in two cases, no active management session was required.
According to IT News, Routers from Linksys, ASUS, TRENDnet, Netgear, TP-Link, D-Link and Belkin will be used for the competition, each with a specific firmware version. In addition, EFF’s forthcoming Open Wireless Router could also be at the hackers’ mercy.
A top score of 5000 points will be awarded for obtaining full control of the router, with a partial take-over rewarded with 4000 points. Points are deducted if the zero day is not a remote attack, requires human interaction, passwords or authenticated sessions among other things.
The first challenge, known as Track 0, will require researchers to demonstrate exploits for previously unknown, or zero-day, vulnerabilities in a number of popular off-the-shelf consumer wireless routers.
The second challenge, or Track 1, is a capture-the-flag contest where individuals or teams will compete to finish ten objective-based attack scenarios against known vulnerable routers.