In this talk we will look into how a series of 0-day vulnerabilities can be used to hack into tens of thousands of SOHO Routers. We will elaborate on the techniques that were used in this research to locate exploitable routers, discover 0day vulnerabilities and successfully exploit them on both the MIPS and ARM platforms.
The talk will cover the following topics:
– Dumping and analyzing router firmware from an ISP provided router.
– Tips and Tricks to discovering vulnerabilities on the router
– Identification of vulnerabilities
– Explanation of how to write ARM / MIPS exploits
– ROP Gadgets used for writing ARM and MIPS Proof-Of-Concept
– Post exploitation concepts – creative use of exploits
The talk contains several 0day issues that allow enumerating and compromising (remote root) thousands of household routers currently connected to the Internet. The vulnerability details, along with graphic proof-of-concept exploits would be revealed at HITB GSEC