Over the past few years, consumer-grade routers have emerged as a key security threat. Whether manufactured by Asus, Linksys, D-Link, Micronet, Tenda, TP-Link, or others, small office/home office (SOHO) routers have suffered a variety of real-world attacks that in some cases have allowed hackers to remotely commandeer hundreds of thousands of devices.
Now, security advocates are sponsoring "SOHOpelessly BROKEN," a no-holds-barred router hacking competition at next month's Defcon hacker conference in Las Vegas. The contest will challenge attendees to unleash novel exploits on 10 off-the-shelf SOHO routers running recent firmware versions.
"The objective in this contest is to demonstrate previously unidentified vulnerabilities in off-the-shelf consumer wireless routers," organizers said. "Contestants must identify weaknesses and exploit the routers to gain control. Pop as many as you can over the weekend to win. Contest will take place at Defcon 22, August 7-12, 2014 in the Wireless Village contest area."
More than three months after the disclosure of the catastrophic Heartbleed vulnerability in the OpenSSL library, critical industrial control systems sold by Siemens remain susceptible to hijacking or crashes that can be triggered by the bug, federal officials have warned.
The products are used to control switches, valves, and other equipment in chemical, manufacturing, energy, and wastewater facilities. Heartbleed is the name given to a bug in the widely used OpenSSL cryptographic library that leaks passwords, usernames, and secret encryption keys. While Siemens has updated some of its industrial control products to patch the Heartbleed vulnerability, others remain susceptible, an advisory published Thursday by the Industrial Control Systems Cyber Emergency Response Team warned.
"The vulnerabilities identified could impact authenticity, integrity, and availability of affected devices," the notice stated. "The man-in-the-middle attack could allow an attacker to hijack a session between an authorized user and the device. The other vulnerabilities reported could impact the availability of the device by causing the web server of the product to crash."