broadband router

Opinion: The IoT’s Wild West is Your Home Network

In-brief: Jackson Shaw of Dell warns that home networks are like the Wild West frontier when it comes to threats to the Internet of Things. Your broadband router is the covered wagon. 

NetUSB, IoT and Supply Chain Risk

If you want an object lesson in the dangers that await us on the Internet of Things, check out SEC Consult’s write up on NetUSB, a widely used technology developed by an obscure Taiwanese company that just happens to contain a nasty, remotely exploitable vulnerability. According to this alert, published on Tuesday, NetUSB “suffers from a remotely exploitable kernel stack buffer overflow” that could be used to run malicious code on affected devices. Even worse: the NetUSB component is ubiquitous – found in a long list of devices, from low-end wireless access points and broadband routers for small office and home office deployments to what SEC Consult called “high end devices…released very recently.” Networking devices from 26 vendors, including TP-Link, NetGear and others were found to use the NetUSB technology in their products. The vulnerability discovered by SEC Consult is straight-forward enough. According to their advisory, the NetUSB code does an inadequate […]

Third World Problem: Bot Herders Target Home Routers In Developing Nations

In-brief: A new global botnet is built on lightly secured home broadband routers in developing nations, according to a report from the firm Incapsula. 

DEFCON - Modding Stuff

DEFCON To Host IoT Hacking Village

The Internet of Things has arrived – at least insofar as the hacker underground is concerned. The IoT is getting its own Village at DefCon. Sure, it’s been easy enough to see for a while that hacking “stuff” was what all the cool kids were doing, whether you were talking about Barnaby Jack’s “Jackpotting ATMs” presentation or the research on telematics systems by folks like Charlie Miller and Chris Valasek. But the creation of a dedicated “IoT Village” at the show, alongside staples like the Lockpick Village, the Wireless Village and the Packet Hacking Village (aka “The Wall of Sheep”) establishes Internet of Things hacking as a major new “vertical” within the diverse and fast-evolving hacking subculture. [Read more Security Ledger coverage of hacking the Internet of Things.]   Villages are dedicated areas of the DEFCON conference where attendees can converge to view demonstrations and take part in hands on lessons […]

The Enduring Terribleness of Home Router Security Matters to IoT

Last week, home broadband router maker ASUS was the latest vendor to issue an emergency patch for a critical vulnerability in its products. This, after proof-of-concept exploit code was released for the so-called “Inforsvr” vulnerability that affects several ASUS home routers. That vulnerability -if left unpatched – would allow anyone with access to a home- or small business network that used an ASUS broadband router to, essentially, commandeer the device. The “infosvr” feature is typically used for device discovery by the ASUS Wireless Router Device Discovery Utility, but the service also allowed unauthenticated users to execute commands through it using the “root” permissions, according to researcher Friedrich Postelstorfer, who created a proof of concept exploit for the security hole and released it on January 4. The exploit code finally prompted a patch from ASUS on January 13. The company had spent months analyzing the issue and working on a fix. Patch aside, it has been a worrying month for the […]