Visible to the public Reverse Engineering and Backdooring Router Firmwares

TitleReverse Engineering and Backdooring Router Firmwares
Publication TypeConference Paper
Year of Publication2020
AuthorsAdithyan, A., Nagendran, K., Chethana, R., Pandy D., Gokul, Prashanth K., Gowri
Conference Name2020 6th International Conference on Advanced Computing and Communication Systems (ICACCS)
Date Publishedmar
KeywordsBackdoors, cyberattack, firmware backdoor, firmware reverse engineering, Microprogramming, Predictive Metrics, Program processors, pubcrawl, Resiliency, reverse engineering, Router Systems Security, Wireless fidelity, wireless router hacking
AbstractRecently, there has been a dramatic increase in cyber attacks around the globe. Hundreds of 0day vulnerabilities on different platforms are discovered by security researchers worldwide. The attack vectors are becoming more and more difficult to be discovered by any anti threat detection engine. Inorder to bypass these smart detection mechanisms, attackers now started carrying out attacks at extremely low level where no threat inspection units are present. This makes the attack more stealthy with increased success rate and almost zero detection rate. A best case example for this scenario would be attacks like Meltdown and Spectre that targeted the modern processors to steal information by exploiting out-of-order execution feature in modern processors. These types of attacks are incredibly hard to detect and patch. Even if a patch is released, a wide range of normal audience are unaware of this both the vulnerability and the patch. This paper describes one such low level attacks that involves the process of reverse engineering firmwares and manually backdooring them with several linux utilities. Also, compromising a real world WiFi router with the manually backdoored firmware and attaining reverse shell from the router is discussed. The WiFi routers are almost everywhere especially in public places. Firmwares are responsible for controlling the routers. If the attacker manipulates the firmware and gains control over the firmware installed in the router, then the attacker can get a hold of the network and perform various MITM attacks inside the network with the help of the router.
Citation Keyadithyan_reverse_2020