Technical Stream
Securing Wi-Fi worldwide: automatic Wi-Fi/DSL router patching and credentials checking

Abstract:

This task concerns a system that automatically finds and patches vulnerable (hacked) home routers. Today, millions of home routers around the world run old firmware versions in which a huge number of vulnerabilities have already been detected. This makes them easy prey for attackers. We often see these boxes used as proxy devices (including in targeted attacks), or their settings (most often DNS) changed to redirect users to phishing sites. Updating these devices would solve the problem, but for a large number of users this task is too time-consuming. You are invited to propose a solution to the problem of updating devices and changing simple passwords on home routers.

Statement of the problem

The main security problems of home routers are: login and password combinations that are easy to guess, default passwords for administrator accounts, and outdated firmware that users have not updated and that contains vulnerabilities. Any of these risks could result in the device being compromised, meaning attackers could then use it at their own discretion.

Requirements/technical guidelines for submissions

At the proof-of-concept (PoC) level the program based on this research should be able to:

  • identify problems with security on a device: simple passwords, default accounts, outdated software versions;
  • automatically determine which firmware version should be installed;
  • perform a smart update with all settings restored;
  • collect telemetry (DNS settings, a list of running processes, number of users) before and after the update;
  • update the administrator password and provide it to the user in a convenient form (SMS/email/messenger).
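
The checks and the before/after telemetry comparison from the list above, as an added example that is not part of the original task statement. The model name, version numbers, password list, DNS addresses and process names are constructed, and the record is assumed to have been collected already from a router its owner controls.

```python
import secrets
import string

# Constructed reference data (hypothetical model, versions and addresses).
LATEST_FIRMWARE = {"ExampleRouter-1000": "3.0.4"}
WEAK_PASSWORDS = {"admin", "password", "1234", "12345678"}
TRUSTED_DNS = {"192.0.2.53", "192.0.2.54"}  # resolvers the owner expects

def parse_version(v):
    return tuple(int(p) for p in v.split("."))  # numeric, so 2.10 > 2.9

def audit(device):
    """Report the three problem classes named in the task statement."""
    findings = []
    latest = LATEST_FIRMWARE.get(device["model"])
    if latest and parse_version(device["firmware"]) < parse_version(latest):
        findings.append(f"outdated firmware: {device['firmware']} < {latest}")
    pw = device["admin_password"]
    if pw.lower() in WEAK_PASSWORDS or pw == device["admin_user"] or len(pw) < 10:
        findings.append("weak or default administrator password")
    rogue = sorted(set(device["dns"]) - TRUSTED_DNS)
    if rogue:
        findings.append("unexpected DNS servers: " + ", ".join(rogue))
    return findings

def diff_telemetry(before, after):
    """Compare snapshots taken before and after the update."""
    changes = {}
    for key in ("dns", "processes"):
        b, a = set(before[key]), set(after[key])
        if b != a:
            changes[key] = {"removed": sorted(b - a), "added": sorted(a - b)}
    if before["users"] != after["users"]:
        changes["users"] = (before["users"], after["users"])
    return changes

def new_admin_password(length=20):
    """Random replacement password from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

# Constructed snapshots of one device before and after remediation.
BEFORE = {"model": "ExampleRouter-1000", "firmware": "2.1.9", "admin_user": "admin",
          "admin_password": "admin", "dns": ["203.0.113.66", "192.0.2.53"],
          "processes": ["httpd", "dnsmasq", "unknown_proxy"], "users": 3}
AFTER = dict(BEFORE, firmware="3.0.4", admin_password=new_admin_password(),
             dns=["192.0.2.53", "192.0.2.54"], processes=["httpd", "dnsmasq"])
```

A non-empty `audit()` result after the update, or a telemetry diff that still lists an untrusted resolver, means the remediation did not take effect and the device needs manual attention.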

The system should be implemented for the routers of one of the following manufacturers: ASUS, TP-Link, Netgear, Linksys, D-Link, Ubiquiti, Cisco, Zyxel.

(based on data from http://www.smallnetbuilder.com/lanwan/lanwan-features/32666-smallnetbuilders-router-market-share-report-q1-2015)

You should also provide a description of the proposed method for solving the problem.

Supplementary materials

Theory:

https://www.shodan.io/ — to check how many such devices are online

http://routersecurity.org/bugs.php

http://www.howtogeek.com/227384/how-to-check-your-router-for-malware/

http://www.kaspersky.com/internet-security-center/internet-safety/protecting-wireless-networks

Malware examples:

https://www.virusbulletin.com/virusbulletin/2015/02/paper-p0wned-barcode-stealing-money-offline-users/ — example of how criminals use these vulnerabilities in routers

https://securelist.com/analysis/publications/57776/the-tale-of-one-thousand-and-one-dsl-modems/

http://www.pcworld.com/article/2139460/sality-malware-growing-old-takes-on-a-new-trick.html

https://securelist.com/analysis/publications/36396/heads-of-the-hydra-malware-for-network-devices/

http://www.kernelmode.info/forum/viewtopic.php?f=16&t=2747

Evaluation criteria

To evaluate the efficiency of the PoC, a series of tests on infected routers will be performed.