During this livestream, security researcher Jacob Holcomb will show us a now-patched vulnerability in the ASUS RT-N56U router. He’s going to exploit a stack-based buffer overflow to get full remote access. An attacker with a root shell on a router could man-in-the-middle internet traffic to steal credentials, or monitor that traffic to set up more attacks on other targets in that router’s network.
Holcomb and our security reporter Lorenzo Franceschi-Bicchierai will walk you through, step by step, how these exploits were used to find a vulnerability in the router. We will show how to reverse engineer the router’s web server and how the exploit was developed to gain full remote access to the router. To be clear, this exploit was responsibly disclosed to ASUS and has been patched. The vulnerability no longer exists. If you own the router, you should make sure you’re using the latest firmware.
Jacob Holcomb is the Founder and CEO of Honest Security, a computer and network security company located in Traverse City, Michigan. He is an original organizer of the security research and awareness initiative Internet of Things Village, and is best known for pioneering the organized router security research study SOHOpelessly Broken, which served as the foundation for the first-ever router hacking contest at DEFCON. He is skilled in application security, penetration testing, network security, and exploit research and development. As a highly regarded speaker and trainer, Jacob has presented at security conferences around the world and has been a guest lecturer for university classes and cyber security clubs.
This is part of How Hacking Works, a series of stories that demystifies the art of security research in hopes of improving digital security across the board.