Overview
Scrutinize WPA2 password-generating algorithms in wireless routers through this BSidesLV 2015 conference talk. Delve into the research conducted by Eduardo Novella, exploring vulnerabilities in various router brands including Comtrend, Sitecom, Thomson, Arcadyan, and ADB/Pirelli. Learn about techniques for obtaining firmware, dumping EEPROM, and exploiting backdoors. Discover how to obtain WPA keys and understand the implications of weak password-generation algorithms. Examine specific case studies, including findings from Spain's largest ISP in 2010. Gain insights into wireless authentication, deauthentication processes, and potential OS command injection vulnerabilities. Conclude with a Q&A session to further explore the presented security issues in popular wireless routers.
Syllabus
Intro
Outline
Eduardo Novella
Carlo Meijer and Roel Verdult
Timeline
Wireless Authentication & Deauthentication
Obtaining the firmware
Dumping the EEPROM
Comtrend: Findings
Comtrend: Backdoors and super-admin
Comtrend: Command Injection in telnet service
Comtrend: How to obtain WPA keys?
Comtrend: Biggest ISP in Spain, 2010
Sitecom: Previous Findings
Sitecom: WLR-2X00
Sitecom: WPA generation
Thomson in The Netherlands
Arcadyan: WPA key generation
ADB / Pirelli
Conclusion
Questions and answers
OS Command injection