Owning Your Home Network: Router Security Revisited

Authors: Marcus Niemietz, Joerg Schwenk

Abstract: In this paper we investigate the Web interfaces of several DSL home routers that can be used to manage their settings via a browser. Our goal is to change these by using primary XSS and UI redressing attacks. This study evaluates routers from 10 different manufacturers (TP-Link, Netgear, Huawei, D-Link, Linksys, LogiLink, Belkin, Buffalo, Fritz!Box, Asus). We were able to circumvent the security of all of them. To demonstrate how devices are attacked, we show how to do fast fingerprinting. Furthermore, we provide countermeasures to make administration, and therefore use, more secure.
