FRED RAYNAL (Founder/CEO, QuarksLAB)
PRESENTATION TITLE: Pwn@Home: An Attack Path to “Jailbreaking” Your Home Router
Times when personal computer where directly connected to the Internet are gone. Today, Internet Service Providers supply home routers and set-top-boxes to their customers.
Besides being a basic ADSL modem, these routers bring standard network features (UPnP, DDNS, Wireless Access Point, etc.) and also entertaining features such as media server, network storage, and many more. Since the entire network traffic (to the Internet and on the local network) goes over the router, one wonders how much can we trust these routers. In contrast to good old days when default passwords and command injection where the norm, home router security has seriously increased. In fact, gaining root and modifying router firmware is very closely related to the process of jailbreaking a smartphone.
This talk will show the concatenation of several vulnerabilities, eventually leading to the compromise of a home router without any physical attack.
ABOUT FRED RAYNAL
Fred Raynal, PhD, is the founder and CEO of QUARKSLAB. Previously, he worked 3 years at EADS, including working as a core member of EADS IW, then created the SOGETI ESEC R&D (lab) team he managed for 5 years. He also is founder of the french conference SSTIC and magazine MISC. Beside “founding”, he enjoys both technical hacking, information warfare and finding ways to combine both in order to find different (and hopefully better) ways to do information security.
CO-PRESENTER: GABRIEL CAMPANA
Gabriel Campana is a senior security researcher. His interests are mainly focused on vulnerability research, exploitation methods, and Linux kernel security. Lately he has been working on automated vulnerability research, especially fuzzing. In his spare time he plays with embedded network devices.