Persistent router botnets on the horizon, researcher says at Defcon


Jack

NetworkWorld said:
Tool released at Defcon makes firmware backdooring easier for certain router models

Security researcher Michael Coppola demonstrated how small and home office (SOHO) routers can be compromised and turned into botnet clients by updating them with backdoored versions of vendor-supplied firmware.

Coppola, who is a security consultant at Virtual Security Research (VSR), gave a crash course in router firmware backdooring -- a complicated process that requires reverse engineering skills -- at the Defcon hacker conference on Sunday.

During the talk he also released a tool called the Router Post-Exploitation Framework (rpef) that automates the firmware backdooring process for several popular router models from different vendors.

The devices supported by rpef include: Netgear WGR614, WNDR3700 and WNR1000; Linksys WRT120N; TRENDnet TEW-651BR and TEW-652BRP; D-Link DIR-601 and Belkin F5D7230-4.

Only specific versions of these routers can be backdoored with the framework and some require more testing. However, the list of supported devices will be extended in the future.

Rpef can add several payloads to the router firmware: a root bind shell, a network sniffer or a botnet client that connects to a predefined IRC (Internet Relay Chat) server where it can receive different commands from the attacker, including one to launch a denial-of-service attack.

Read more on NetworkWorld
 