Fraunhofer-Gesellschaft

Publica

Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Authentication-bypass vulnerabilities in SOHO routers

 
: Rotenberg, Nadav; Shulman, Haya; Waidner, Michael; Zeltser, Benjamin

:

Association for Computing Machinery -ACM-; Association for Computing Machinery -ACM-, Special Interest Group on Data Communication -SIGCOMM-:
SIGCOMM Posters and Demos 2017. Proceedings : Los Angeles, CA, USA, August 22 - 24, 2017
New York: ACM, 2017
ISBN: 978-1-4503-5057-0
pp.68-70
Association for Computing Machinery, Special Interest Group on Data Communication (ACM SIGCOMM Conference) <2017, Los Angeles/Calif.>
English
Conference Paper
Fraunhofer SIT ()

Abstract
SOHO routers act as a gateway to the Internet for Small Office/Home Office networks. Despite the important role that they fulfill, there is a long history of vulnerabilities allowing attackers to breach security and availability of the clients and services on SOHO networks. Following the multiple disclosures and recommendations for patches in the last two decades it seems an obvious question to verify whether the reality meets the expectation. We focus on an important class of vulnerabilities called authentication bypass, which allow an attacker to take control over a network device by subverting the authentication procedure. We perform a stealthy and non disruptive evaluation of authentication bypass vulnerabilities in SOHO routers. Our study focuses on a number of selected countries, to detect presence of vulnerable devices. The results of our study are worrisome: we find a large fraction of misconfigurations and insecurity issues in configuration of SOHO routers, which stand in sharp contrast to the awareness of the security and research communities to the vulnerabilities as well as a large body of work studying related topics.

: http://publica.fraunhofer.de/documents/N-469997.html