It’s no secret that router security is pretty lousy, that’s the whole point of creating RouterCheck in the first place. But we never thought that there’d be a competition that’s based on this lousiness.
That’s why we were so surprised to see that there’s now a contest for finding vulnerabilities and breaking into routers. The contest, named SOHOpelessly Broken is planned to be run in August at the DEFCON 22 hacker conference. The contest is being sponsored by the Electronic Frontier Foundation (EFF) and Independent Security Evaluators, the guys who did such great work last year exposing the fact that just about all SOHO routers were security nightmares.
The contestants will be challenged to demonstrate vulnerabilities and break into several routers:
- Linksys EA6500 [Version 18.104.22.168196]
- ASUS RT-AC66U (HW Ver. A2) [Version 22.214.171.124.266]
- TRENDnet TEW-812DRU (H/W: v1.0R) [Version 126.96.36.199]
- Netgear Centria WNDR4700 [Version V188.8.131.52]
- Netgear WNR3500U/WNR3500L [Version V184.108.40.206_35.0.53N]
- TP-Link TL-WR1043ND (Ver. 1.10) [Version 3.13.12 Build 120405 Rel.33996n]
- D-Link DIR-865L (HW Ver. A1) [Version 1.03]
- Belkin N900 DB (Model: F9K1104v1) [Version 1.00.23]
- EFF Open Wireless Router [Details forthcoming]
A few thoughts: Why aren’t any of the popular third party firmwares like DD-WRT in the list? On the other hand, good on them for including the new EFF firmware that isn’t even avialble yet but will be released soon. This may be a great way for them to focus lots of attention on the new software by unleashing the world’s greatest router break-in artists on it. This may find some serious security bugs before it;s released to the wider public.
The point of this whole exercise seems to be to increase people’s awareness of the growing SOHO router vulnerability problems in the hopes that router vendors will respond by taking their firmware more seriously. Out thoughts: probably a bit pessimistic. No silver bullets, but definitely a move in the right direction.
We’re excited to see the results!