Owning Your Home Network: Router Security Revisited
This exposes critical security vulnerabilities in widely used home networking devices, posing risks to consumer privacy and network integrity.
The researchers investigated web interfaces of DSL home routers from 10 manufacturers and demonstrated that all could be compromised using primary XSS and UI redressing attacks, enabling settings changes and fast fingerprinting.
In this paper we investigate the Web interfaces of several DSL home routers that can be used to manage their settings via a Web browser. Our goal is to change these settings by using primary XSS and UI redressing attacks. This study evaluates routers from 10 different manufacturers (TP-Link, Netgear, Huawei, D-Link, Linksys, LogiLink, Belkin, Buffalo, Fritz!Box, and Asus). We were able to circumvent the security of all of them. To demonstrate how all devices are able to be attacked, we show how to do fast fingerprinting attacks. Furthermore, we provide countermeasures to make administration interfaces and therefore the use of routers more secure.