PRESENTATION ABSTRACT: In this talk we will look into how a series of 0-day vulnerabilities can be used to hack into tens of thousands of SOHO routers. We will elaborate on the techniques that were used in this research to locate exploitable routers, discover 0-day vulnerabilities and successfully exploit them on both the MIPS and ARM platforms.
The talk will cover the following topics:
– Dumping and analyzing router firmware from an ISP-provided router
– Tips and tricks for discovering vulnerabilities on the router
– Identification of vulnerabilities
– Explanation of how to write ARM / MIPS exploits
– ROP gadgets used for writing ARM and MIPS proof-of-concept exploits
– Post-exploitation concepts
– Creative use of exploits
The talk contains several 0-day issues that allow enumerating and compromising (remote root) thousands of household routers currently connected to the Internet. The vulnerability details, along with graphic proof-of-concept exploits, will be revealed at HITB GSEC.
ABOUT LYON YANG
Lyon Yang is a senior security consultant at Vantage Point Security with a research focus on embedded systems hacking and exploitation. He is from sunny Singapore, the world’s first smart city. His regular discoveries of zero days in a variety of router models have earned him a reputation as the go-to guy for router hacking in Singapore, where he has been hired to do firmware source code reviews on popular router models. He is currently working on a comprehensive testing framework for ARM and MIPS based routers as well as shellcode generation and post-exploitation techniques.
I have been previously featured on Channel News Asia and Singapore’s local radio station 938 Live! for my work in hacking SOHO routers used in Singapore (the world’s first smart city).