It’s true, things look pretty bleak for the security of the Internet of Things space. Just take a look around and read up on it – loads of vulnerabilities and a vendor community that doesn’t seem interested in or capable of addressing the problem. What are we supposed to do, wait for the cavalry to save us? Perhaps […]
Routers Put To The Test
There’s some excellent work going on in Baltimore, where Independent Security Evaluators (ISE) has just published a report on the current state of security in home routers. The verdict: Abysmal. ISE tested 13 of the most popular routers available: Linksys WRT310Nv2, Belkin F5D8236-4 v2, Belkin N300, Belkin N900, Netgear WNDR4700, TP-Link WR1043N, Verizon Actiontec, D-Link DIR-865L […]
Linksys Remote Admin Enabled
A new and dangerous vulnerability is being reported against certain Linksys routers. Apparently, if the “Classic” interface is being used instead of the newer “Smart” interface, Remote Administration is enabled whether or not it has been enabled in the user interface. This is obviously pretty bad since it will give anyone on the internet an […]
Comcast Wants You to Run a Public WiFi Hotspot
Comcast recently announced an aggressive plan to turn your home consumer modem/router into part of a large-scale nationwide network, and make it a public WiFi hotspot. Called xfinitywifi, the system will rely on a special gateway that Comcast will provide to their customers that will have two separate WiFi signals, one for the private home, […]
Good Article
Is Linksys Really THAT Bad?
Phil Purviance, a security researcher from San Jose in California, has published a manifesto entitled Don’t Use Linksys Routers, which outlines a series of security vulnerabilities that he’s found in their products. In his post Purviance claims that: I hooked it up and spent maybe 30 minutes testing the security of the embedded website used to […]
Bringing down an ISP
Very interesting article about how an attacker can bring down an entire ISP by replacing firmware in routers/modems. The authors did a good job explaining the context and threats that are out there. They also explained how a hacker could fairly easily find large blocks of people who were all subscribers of the same ISP […]
Actiontec CSRF
Interesting vulnerability found in the Actiontec MI424WR-GEN3I router by Jacob Holcomb of Independent Security Evaluators. The vulnerability is a CSRF that easily allows you to add administrator users and enable remote administration simply by crafting some HTML and pointing a browser in the router’s network to it. Details for how to do this can be found […]
Carna Botnet
How big is the internet? How long would it take to scan the whole thing? These questions have been answered in The Internet Census 2012. Yes, someone took the time and effort to map the entire internet. But how? With a botnet of course! But this botnet was different. Normally, botnets consist of virus-infected computers […]
UPnP Problems
Information security firm Rapid7 released research that they’ve conducted about security issues in devices that support UPnP (Universal Plug and Play). What they’ve found is that a large number of devices that are exposed on the internet are vulnerable to a small number of problems. 80 million IP addresses responded to UPnP discover requests, and […]








