Presentation is loading. Please wait.

Presentation is loading. Please wait.

Modems, ISPs & the media How the Comhem vulnerability could have been handled, and what happened instead.

Similar presentations


Presentation on theme: "Modems, ISPs & the media How the Comhem vulnerability could have been handled, and what happened instead."— Presentation transcript:

1 Modems, ISPs & the media How the Comhem vulnerability could have been handled, and what happened instead

2 Who am Penetration Omegapoint Säkerhetspodcasten Annoyer of ISPs

3 This talk is about How I hacked my own modem How Comhem handled my bug report How I worked with the media to force Comhem into handling it better How they still failed And finally – How it should have been done

4 Lets go back a while All the way back to August, 2013

5 I live in a ComHem house Which means I get one of these:

6 Its my gateway to the internet I decided to see if I could hack myself. There where two obvious ways to go about it.

7 Pros & Cons Firmware Analysis Pros Can find stuff not obvious on the web interface Could possibly reprogram the modem Could find cooler vulnerabilities Cons Could brick my modem Lots of work Not my area of expertise Web Interface hacking Pros Easy and quick Could find really stupid vulnerabilities Little to no risk of damaging the modem Cons I wouldn’t be learning anything new Soldering is cool! Won’t find hidden stuff

8 The web interface

9 Fiddling around with burp

10 Finding CSRF Vuln

11 Impact of the CSRF vuln Changing DNS Harvest account details Spread malware Steal Credit Card and bank details Port Forwarding Expose internal network to internet Turning on remote admin Changing all modem settings Stealing stored passwords (wifi passwords stored in cleartext) Downgrade security DOS Brick the modem

12 Hardware hacking

13

14 Analyzing firmware

15 Sending the bug report

16 ComHem Responds

17 A year goes by

18 What is responsible disclosure?

19

20

21

22 Comhem Responds

23 Comhem responds again “The DNS problem only exists in Stockholm” -Comhem

24

25 Comhem locks down DNS Limiting their modems to only using Comhems DNS. This still doesn’t solve the following problems: Port Forwarding Expose internal network to internet Turning on remote admin Changing all modem settings Stealing stored passwords (wifi passwords stored in cleartext) Downgrade security DOS Brick the modem Etc…

26 Minister proposes Law Change and PTS investigates

27 Comhem solves the problem On the 14 th of November a firmware update finally arrives, solving the problem. At this point, the media attention has died down Noone cares that the issue is resolved The damage to Comhem is already done, and can’t be reversed at this point

28 What did we learn How should they have done it? Can we help our clients and companies handle these issues? What is it like to deal with the media Knowing what you want to say and being able to back it up

29 Evil DNS - Swedbank


Download ppt "Modems, ISPs & the media How the Comhem vulnerability could have been handled, and what happened instead."

Similar presentations


Ads by Google