Owning Your Home Network: Router Security Revisited
Abstract
In this paper we investigate the Web interfaces of several DSL home routers that can be used to manage their settings via a Web browser. Our goal is to change these settings by using primary XSS and UI redressing attacks. This study evaluates routers from 10 different manufacturers (TP-Link, Netgear, Huawei, D-Link, Linksys, LogiLink, Belkin, Buffalo, Fritz!Box, and Asus). We were able to circumvent the security of all of them. To demonstrate how all devices are able to be attacked, we show how to do fast fingerprinting attacks. Furthermore, we provide countermeasures to make administration interfaces and therefore the use of routers more secure.
Turn this paper into a lesson
ArcXiv compiles a structured reading guide from this paper's metadata: plain-English importance, contributions, prerequisite concepts, which sections to read first, flashcards, and a quiz. Grounded in the abstract, never invented.