
Vulnerabilities in Wireless Routers Allow Remote Interception of Traffic

At the DEF CON conference, Marc Newlin, Logan Lamb, and Christopher Grayson, experts from Bastille Networks and Web Sight, presented the results of a study of vulnerabilities in network equipment used by various Internet providers.
During the study, the experts identified 26 vulnerabilities in wireless gateways built on the open RDK platform that allow remote access with administrator rights to most home networks in the US. The vulnerabilities affect equipment from various vendors, including Cisco, Arris, Technicolor, and Motorola.
The experts concluded that it is possible to remotely intercept all Internet and voice traffic passing through a vulnerable gateway. According to them, the problems they discovered endanger millions of Internet service providers.
During the study, Newlin, Lamb, and Grayson managed to reverse engineer the process of generating MAC addresses in Comcast Xfinity routers and to exploit vulnerabilities in the FastCGI subsystem used by various web servers, including Apache, Nginx, and Lighttpd.

A few years ago, a major US provider, Comcast, switched its subscriber devices to public Wi-Fi access point mode. The home network on the routers was preserved and is separated from the public one (Xfinity Wi-Fi). Xfinity WiFi subscribers can connect to the Internet in any region of the United States where there is at least one Comcast router with public mode turned on. But, as it turned out, there is another, hidden network, XHS-XXXXXXXX, where the sequence XXXXXXXX represents the four least significant bytes of the modem's MAC address. The password for this network is generated from the MAC address of the interface. The experts found four different ways to get the MAC address. One of them involves extracting the MAC address from the DHCP ACK message when connecting to Xfinity Wi-Fi.

After obtaining the MAC address, the researchers were able to determine the password and access the Xfinity Wi-Fi network without having to authenticate with Comcast credentials.
The experts informed Comcast about the vulnerabilities, and the company has already developed updates that address them. More details on the study by Newlin, Lamb, and Grayson can be found here.
