Router Hacking CHCon 2018 Router Hacking 19/11/2018 $ whoami ▪Ben [zante] @zantedotnz ▪Security Consultant @ Insomnia Security ▪Previously, Digital Forensic Analyst @ NZ Police ▪ Interested in hacking embedded devices. Pulling flash chips off. Finding crazy command injection bugs. 19/11/2018 Motivation ▪Huawei HG659 for iptables access to redirect DNS for US Netflix goodness ▪ Find vulnerabilities in current generation routers ▪ Learn about hardware hacking 19/11/2018 Huawei HG659 ▪Well researched, decrypt/encrypt the configuration backup XML to enable telnet and recover root password ▪Original research: https://hg658c.wordpress.com 19/11/2018 New Research ▪Command injection vulnerabilities in three routers: ▪ Huawei B618 ▪ Huawei B315 ▪ [REDACTED] ▪Exploitation requires either web admin or physical access 19/11/2018 [REDACTED]? ▪Vendor told their customer the vulnerability had been patched … it wasn’t though, so it’s still unpatched ▪ Interes
