Published by Donavan Needler. Modified over 9 years ago.
1
Modems, ISPs & the media
How the Comhem vulnerability could have been handled, and what happened instead
2
Who am I?
@johanRmoller
Penetration Tester @ Omegapoint
Podcaster @ Säkerhetspodcasten
Annoyer of ISPs
3
This talk is about
How I hacked my own modem
How Comhem handled my bug report
How I worked with the media to force Comhem into handling it better
How they still failed
And finally – How it should have been done
4
Let's go back a while
All the way back to August, 2013
5
I live in a ComHem house
Which means I get one of these:
6
It's my gateway to the internet
I decided to see if I could hack myself. There were two obvious ways to go about it.
7
Pros & Cons
Firmware Analysis
  Pros
    Can find stuff not obvious on the web interface
    Could possibly reprogram the modem
    Could find cooler vulnerabilities
  Cons
    Could brick my modem
    Lots of work
    Not my area of expertise
Web Interface hacking
  Pros
    Easy and quick
    Could find really stupid vulnerabilities
    Little to no risk of damaging the modem
  Cons
    I wouldn’t be learning anything new
    Soldering is cool!
    Won’t find hidden stuff
8
The web interface
9
Fiddling around with Burp
10
Finding CSRF Vuln
11
Impact of the CSRF vuln
Changing DNS
  Harvest account details
  Spread malware
  Steal Credit Card and bank details
Port Forwarding
  Expose internal network to internet
Turning on remote admin
Changing all modem settings
Stealing stored passwords (wifi passwords stored in cleartext)
Downgrade security
DOS
Brick the modem
12
Hardware hacking
14
Analyzing firmware
15
Sending the bug report
16
ComHem Responds
17
A year goes by
18
What is responsible disclosure?
22
Comhem Responds
23
Comhem responds again
“The DNS problem only exists in Stockholm” -Comhem
25
Comhem locks down DNS
Limiting their modems to only using Comhem's DNS.
This still doesn’t solve the following problems:
Port Forwarding
  Expose internal network to internet
Turning on remote admin
Changing all modem settings
Stealing stored passwords (wifi passwords stored in cleartext)
Downgrade security
DOS
Brick the modem
Etc…
26
Minister proposes Law Change and PTS investigates
27
Comhem solves the problem
On the 14th of November a firmware update finally arrives, solving the problem.
At this point, the media attention has died down
No one cares that the issue is resolved
The damage to Comhem is already done, and can’t be reversed at this point
28
What did we learn
How should they have done it?
Can we help our clients and companies handle these issues?
What is it like to deal with the media?
Knowing what you want to say and being able to back it up
29
Evil DNS - Swedbank