| Popis: |
Wi-Fi-enabled Small Office/Home Office (SOHO) routers have become ubiquitous for having internet access in many network environments. With the advent of the ‘Internet of Things’ (IoT) and smart devices, almost all household devices are connected to the internet via these Wi-Fi-enabled SOHO routers. There have been numerous reports of security issues in SOHO routers because of known vulnerabilities. Except for enterprise networks, these devices acting as gateways are rarely safeguarded properly. The reasons for neglecting the security of these devices are many. Reports suggest that users often deploy these devices with insecure default configurations, leaving them as easy prey in the hands of malice users. Due to the easy exploitability, these devices have become attackers' paradise. The security analysis of these devices is often overlooked and challenging to undertake because of various versions of custom Linux based firmware and bootloaders they use. The security analysis of these devices holds strategic importance as they act as a gateway to almost every household having access to the internet. In this paper, we list the software and hardware interfaces of SOHO routers which are important for security analysis. We present a network environment for carrying out the security analysis of these devices. An iterative approach using static & dynamic analysis is described. Further, the static & dynamic analysis is augmented with symbolic analysis. To validate the described procedures, we present the case study of performing security analysis on a Netis WF2411 router. |
