Pwning the Pawns with WiHawk - Santhosh Kumar • Anamika Singh (BSides Las Vegas 2014) (Hacking Illustrated Series InfoSec Tutorial Videos)
***THIS TALK IS VIA VIDEO CONFERENCE; THE US CONSULATE IN CHENNAI COULDN'T PROCESS THEIR VISAS IN TIME FOR THE EVENT***
The elements that play a major role in today’s network architecture are routers, gateways, switches, hubs, access points and so on. In a typical network, a wireless or wired router is the key element responsible for connecting the LAN to the internet. A router can be connected to two or more data lines from different networks and plays the important role of forwarding data packets within computer networks. Security measures at every component of the network are imperative, and there has been significant development in the last decade to make networks even more secure. While powerful security rules have been applied at different components of the network, the router is one sensitive and essential element that is still poorly configured by companies. Routers can be compromised by attackers to gain unauthorized access to the private network, which can lead to malicious activities like the following:
1. An attacker could configure the router to use a malicious DNS (Domain Name System) server, which can then lead to redirection of users to malicious websites.
2. An attacker can set up port forwarding rules to expose internal network services to the Internet.
Vulnerabilities in the management interfaces of wireless routers, vulnerabilities in protocols, inconsistencies in router software and weak authentication can expose the device to remote attacks and allow attackers to compromise it. Researchers raised these issues in late 2012, but even if companies provide patches for the management interface and for inconsistencies in router software, these vulnerabilities are unlikely to go away soon because many users never update their routers and other embedded systems.
Because of the vulnerabilities described above, several types of attack on routers have been identified:
DDoS Attack
CSRF
Brute Force
Buffer Overflow
Authentication Bypass
ROM-0 Attack
In a wireless network there are thousands of Wi-Fi routers configured with default user names and passwords, which makes them vulnerable to security breaches.
All we can do to find the above-mentioned vulnerabilities is to scan the router manually and check whether it has any of them. For a non-technical person, however, it is hard to tell whether a router is vulnerable or not. This is a major reason millions of routers are left open to vulnerabilities, and on top of that, vendors don’t provide patches for a discovered vulnerability at the same time.
Finding these vulnerabilities and making sure that the router in use is not vulnerable to any of them is not easy, and so far we have not had any tool that warns you, before you become the victim of an attack, that your router is vulnerable to any of the above-mentioned attacks.
WiHawk is an open source tool for auditing IP addresses to sniff out wireless routers that are configured with default admin passwords and to find routers that are vulnerable to Authentication Bypass, Cross Site Request Forgery, Buffer Overflow and FTP Authentication Bypass.
The tool can be used to identify the following types of security vulnerabilities in the provided IPs:
a) Authentication Bypass
b) Routers configured with default username/passwords
c) Buffer Overflow
d) Cross Site Request Forgery
e) ROM-0 Attack
f) FTP Authentication Bypass
Bio:
Santhosh Kumar
Santhosh Kumar is 19 years old and one of the youngest security researchers in India. He is one of the key speakers of the Defcon Kerala 2014 meet, where he presented the research topic "Android-Forensic and Security Analysis." He is also a point of contact at Defcon Chennai (DC602028). He has reported vulnerabilities to various companies such as Yahoo, IBM, Microsoft, Cisco, Intel etc., helping improve their web application security. His areas of research also include mobile security, wireless and embedded devices. He also holds the Certified Ethical Hacker (CEH) certification. He is currently pursuing a Bachelor's degree in Computer Science.
Anamika Singh
Currently associated with IronWASP Information Security Solutions private ltd, she has a keen interest in Network Security. After having 2 years of experience in companies like PayPal and Cognizant as a Software engineer, she left to pursue her interest in Network Security field. She started using Python to convert her security ideas to working tools. She is the author of WiHawk – Router Vulnerability Scanner. She is an active member of NULL Chennai chapter.
If I find the video, I'll put it here.