m-1-k-3 keeps it coming:
A bit scary when you think about it! When he released the Linksys WRT54 vulnerability PoC I thought “Well, this is an old device. A classic still, but if someone still uses it then probably to run openwrt/dd-wrt on it”…
But with the recent D-Link vulnerabilities he discovered (see: The Home Network Horror days starting right now …) and now the Linksys E1500/E2500, we are not talking about old devices anymore but about models that are currently being sold. And not even the cheapest/worst ones, so there are probably thousands out there.
That, combined with the ability to easily find them using Shodan, as he explains, leaves one asking what the state of current Internet / end-user network security really is. Who knows whether thousands of routers have not already had their DNS settings changed to malicious DNS servers, set up to fake whatever website you can think of?
- Identity (personal identification cards with internet ability)
- Communications (email, im, siri)
All of this could already be compromised via man-in-the-middle attacks for thousands of private individuals around the world, built so cleverly that they wouldn’t even notice any problem in their normal activities!
On the dark side of the force you probably have criminal organizations that earn money either by selling the knowledge of the vulnerability itself or by using it as a door opener to perform malicious acts like identity and credit card theft, or just plainly transferring money from your bank/PayPal account to untraceable bank accounts. Then they probably use this money to support their illegal drug and prostitution business -> Really scary
On the “light side” of the force you probably have governments using the knowledge of such vulnerabilities to monitor private individuals by using it to distribute some badly programmed government-issued trojan spy software. Although I’m not really paranoid about being persecuted by my own government, I think the collateral damage of such surveillance could very well be that such backdoors are hijacked by the bad guys.
This concern especially grows if you follow the press regarding the quality of such government-issued trojans.
So the implications of this could be huge. But the real impact could also be small to nonexistent. We will probably never hear about some of the stuff that was made possible by home router vulnerabilities.
I guess this is just a phase where the security focus widens from Operating Systems to Network equipment. As more and more of such security issues become public, vendors will need to shape up to stay in the market.
What I find interesting is that a vendor like Linksys, which is owned by one of the current leading firewall and IPS vendors, does not make better use of its internally available know-how to prevent such badly programmed routers from hitting the market. In the end it probably comes down to cost efficiency and profit margin.
Who knows, maybe they will even become the first security-focused consumer router manufacturer and benefit from this trend they helped to create with bad products.
I would still recommend getting a router that is openwrt compatible, as chances are that vulnerabilities this serious will be identified and fixed much faster in an open source router OS. However, I am slowly becoming curious how secure openwrt itself really is. Maybe m-1-k-3 can take a look at it after pwning all the other router vendors out there. I personally think he will be able to find such vulnerabilities for nearly all of them!
Well, enough conspiracy theories for today. Those are just the things that lurked in the back of my head when I read about this.
May the force be with you and your router!