Security BSides Las Vegas 2024

CVE Hunting: Wi-Fi Routers, OSINT & 'The Tyranny of the Default'
2024-08-06, Tuscany

CVE Hunting: Wi-Fi Routers, OSINT & 'The Tyranny of the Default' is a first-hand account of CVE hunting techniques that initially stemmed from a common issue in cybersecurity: the use of default credentials. Through my research, I've uncovered a trend of critically insecure default password algorithms & other security misconfigurations across several manufacturers that led to the discovery and reporting of multiple CVEs.

This talk will explore a few practical approaches & strategies that have been fruitful during the bug discovery process. I will cover practical & applied OSINT techniques that have helped find vulnerabilities in router Wi-Fi passwords, communication protocols & parallel security issues. Join me in exploring the implications of these approaches to CVE hunting & the subsequent vulnerabilities found in vulnerable networks in order to enhance our collective cybersecurity posture.


Detailed Description (For CFP Reviewers Only):

CVE Hunting: OSINT & “The Tyranny of the Default” delves into a nuanced exploration of OSINT techniques that led to identifying a trend of insecure default-password algorithms, insecure default protocol credentials & additional parallel issues. This methodology has been effective in identifying problems including, but not limited to, undocumented default credentials predicted from past discoveries.

Here are some examples:

eBay as an OSINT Vector: eBay, a global online marketplace, is an unconventional yet potent OSINT vector. By examining listings of used network equipment and devices, cybersecurity researchers can learn which default configurations and firmware versions are commonly deployed from the labeling and packaging details shown in listing photos. This approach provides real-world context for devices, as sellers often post photos that reveal sensitive label or diagnostic data: printed default SSIDs and keys, serial numbers, MAC addresses and FCC IDs are all routinely visible.

FCC Public Databases: The Federal Communications Commission (FCC) maintains public databases that are invaluable for cybersecurity research, especially in the realm of network devices. Equipment-authorization filings, searchable by the FCC ID printed on a device label, include internal and external photos, user manuals and test reports. By integrating FCC database insights with other OSINT findings, researchers can identify potential security flaws stemming from hardware configuration.
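The two OSINT sources above (label photos from listings, and the FCC ID that points into the FCC filings) come together in the kind of correlation the talk describes: collect the label data from several units of one model and test whether the printed "unique" default key can be reproduced from the MAC or serial. The following is an added example, not code from the talk or from any vendor; every model name, FCC ID, serial, MAC, SSID and key is constructed, and the derivation hypotheses are generic guesses rather than a real vendor's algorithm.

```python
"""Correlate router label data with the printed default Wi-Fi credentials.

Added example, not code from the talk or from any vendor: every model name,
FCC ID, serial, MAC, SSID and key below is constructed, and the derivation
hypotheses are generic guesses rather than a real vendor's algorithm.
"""
import re
from typing import Callable, Dict, List, Optional, Tuple

# Constructed label transcriptions, as a researcher might type them up from
# the underside-of-router photos that sellers post with used-equipment listings.
SAMPLE_LABELS: List[str] = [
    "Model ACME-R1 FCC ID: 2ABCD-R1 S/N: ACM0001234 "
    "MAC: 00:11:22:AB:CD:EF SSID: ACME-CDEF WPA Key: 22ABCDEF",
    "Model ACME-R1 FCC ID: 2ABCD-R1 S/N: ACM0005678 "
    "MAC: 00:11:22:3C:4D:5E SSID: ACME-4D5E WPA Key: 223C4D5E",
    "Model ACME-R1 FCC ID: 2ABCD-R1 S/N: ACM0009012 "
    "MAC: 00:11:22:77:88:99 SSID: ACME-8899 WPA Key: 22778899",
]

# One regex per field of interest on the label.
LABEL_FIELDS = {
    "fcc_id": re.compile(r"FCC ID:\s*([0-9A-Z-]+)", re.I),
    "serial": re.compile(r"S/N:\s*([0-9A-Z]+)", re.I),
    "mac": re.compile(r"MAC:\s*((?:[0-9A-F]{2}:){5}[0-9A-F]{2})", re.I),
    "ssid": re.compile(r"SSID:\s*(\S+)", re.I),
    "key": re.compile(r"WPA Key:\s*(\S+)", re.I),
}


def parse_label(text: str) -> Dict[str, str]:
    """Extract the labelled fields from a transcribed label, upper-cased."""
    fields: Dict[str, str] = {}
    for name, pattern in LABEL_FIELDS.items():
        match = pattern.search(text)
        if match:
            fields[name] = match.group(1).upper()
    return fields


def split_fcc_id(fcc_id: str) -> Tuple[str, str]:
    """Split an FCC ID into (grantee code, product code).

    Grantee codes are 3 characters (issued before 2013, first character a
    letter) or 5 characters (issued since 2013, first character a digit); the
    grantee code identifies the company that filed for authorization and is
    what you search the FCC database by. A hyphen printed between the two
    parts is dropped; hyphens inside the product code are kept.
    """
    fcc_id = fcc_id.strip().upper()
    n = 5 if fcc_id[0].isdigit() else 3
    return fcc_id[:n], fcc_id[n:].lstrip("-")


def _mac_hex(fields: Dict[str, str]) -> str:
    return fields["mac"].replace(":", "")


# Candidate rules for how a "unique" default key might be derived from
# identifiers that are printed on the label or broadcast over the air.
# These are illustrative guesses, not any vendor's documented scheme.
KEY_HYPOTHESES: Dict[str, Callable[[Dict[str, str]], str]] = {
    "mac_last6": lambda f: _mac_hex(f)[-6:],
    "mac_last8": lambda f: _mac_hex(f)[-8:],
    "serial_last8": lambda f: f["serial"][-8:],
    "ssid_suffix_plus_mac_last4": lambda f: f["ssid"].rsplit("-", 1)[-1] + _mac_hex(f)[-4:],
}


def find_default_key_rule(records: List[Dict[str, str]]) -> Optional[str]:
    """Return the name of the first hypothesis that reproduces the printed
    key on every unit, or None if no single rule explains all of them.

    One rule holding across several independently bought units is the
    signal that the factory default key is computable from identifiers,
    not random per device.
    """
    usable = [r for r in records if {"mac", "serial", "ssid", "key"} <= set(r)]
    if not usable:
        return None
    for name, derive in KEY_HYPOTHESES.items():
        if all(derive(r) == r["key"] for r in usable):
            return name
    return None


def ssid_leaks_mac(fields: Dict[str, str]) -> bool:
    """True if the SSID's trailing token is a substring of the MAC's hex,
    i.e. the broadcast network name reveals the input the key is derived
    from, so an attacker needs neither the label nor the packaging."""
    token = fields["ssid"].rsplit("-", 1)[-1]
    return len(token) >= 4 and token in _mac_hex(fields)


if __name__ == "__main__":
    records = [parse_label(label) for label in SAMPLE_LABELS]
    for record in records:
        grantee, product = split_fcc_id(record["fcc_id"])
        print(f"{record['mac']}  grantee={grantee} product={product} "
              f"ssid_leaks_mac={ssid_leaks_mac(record)}")
    print("default key rule:", find_default_key_rule(records))
```

The interesting output is not any single match but a rule that holds across every unit: that is the point at which a "unique per device" default key becomes a function of public data, and if `ssid_leaks_mac` is also true the input to that function is broadcast in every beacon.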

MITRE CVE Database Exploration: The MITRE Corporation’s Common Vulnerabilities and Exposures (CVE) database serves as a critical resource for identifying and understanding known vulnerabilities. This database offers a wealth of information that can be cross-referenced with findings from other OSINT vectors to validate and prioritize vulnerabilities for further investigation, and to check whether a default-credential pattern found in one product has already been reported for a sibling model or a different manufacturer using the same chipset vendor.

Vistumbler: Vistumbler is an open-source Wi-Fi scanner for Windows that logs user-collected access-point data (SSID, BSSID, channel, signal and GPS position) of the same kind that WiGLE aggregates, without WiGLE’s waitlisting and querying restrictions. This tool is useful for both wardriving and reconnaissance to obtain distribution data that will be used to visualize the proliferation of Wi-Fi networks, including how many access points still broadcast a vendor’s default SSID pattern.
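Once a label survey has yielded a vendor’s default SSID pattern, a wardriving log answers the question the talk raises about proliferation: what share of that vendor’s deployed access points never left the default. The following is an added example, not code from the talk, Vistumbler or WiGLE; the log is constructed in the column layout of a WiGLE-style CSV export (a preamble line, then MAC,SSID,AuthMode,… columns), and the SSID pattern and the OUI 00:11:22 are hypothetical stand-ins for what a label survey found for one vendor.

```python
"""Survey a wardriving log for access points still using a vendor's default
SSID pattern, keyed by the BSSID's OUI.

Added example, not code from the talk, Vistumbler or WiGLE. The log below is
constructed in the column layout of a WiGLE-style CSV export (preamble line,
then MAC,SSID,AuthMode,... columns); the SSID pattern and the OUI 00:11:22
are hypothetical stand-ins for what a label survey found for one vendor.
"""
import csv
import json
import re
from collections import defaultdict
from typing import Dict, Iterable, List

SAMPLE_CSV = """\
WigleWifi-1.4,appRelease=example,model=example,release=0,device=example,display=example,board=example,brand=example
MAC,SSID,AuthMode,FirstSeen,Channel,RSSI,CurrentLatitude,CurrentLongitude,AltitudeMeters,AccuracyMeters,Type
00:11:22:AB:CD:EF,ACME-CDEF,[WPA2-PSK-CCMP][ESS],2024-08-01 10:00:00,6,-61,36.1200,-115.1700,620,5,WIFI
00:11:22:AB:CD:EF,ACME-CDEF,[WPA2-PSK-CCMP][ESS],2024-08-01 10:00:05,6,-55,36.1201,-115.1701,620,5,WIFI
00:11:22:3C:4D:5E,ACME-4D5E,[WPA2-PSK-CCMP][ESS],2024-08-01 10:01:00,11,-70,36.1210,-115.1690,620,8,WIFI
00:11:22:77:88:99,MyHomeNet,[WPA2-PSK-CCMP][ESS],2024-08-01 10:02:00,1,-66,36.1220,-115.1680,620,6,WIFI
AA:BB:CC:01:02:03,Coffee,[ESS],2024-08-01 10:03:00,6,-50,36.1230,-115.1670,620,4,WIFI
AA:BB:CC:04:05:06,ACME-0506,[WPA2-PSK-CCMP][ESS],2024-08-01 10:04:00,6,-72,36.1240,-115.1660,620,9,WIFI
"""

Row = Dict[str, str]


def load_networks(csv_text: str) -> Dict[str, Row]:
    """Parse the log, skipping everything before the column header, and keep
    one row per BSSID (the strongest sighting) so that an AP seen on several
    passes is not counted several times."""
    lines = csv_text.splitlines()
    header = next(i for i, line in enumerate(lines) if line.startswith("MAC,"))
    best: Dict[str, Row] = {}
    for row in csv.DictReader(lines[header:]):
        mac = row["MAC"].upper()
        if mac not in best or int(row["RSSI"]) > int(best[mac]["RSSI"]):
            best[mac] = row
    return best


def oui(mac: str) -> str:
    """First three octets of a MAC: the IEEE-assigned vendor prefix."""
    return mac.upper()[:8]


def survey(networks: Dict[str, Row], ssid_pattern: str) -> Dict[str, Dict[str, int]]:
    """Per OUI: how many APs were seen, how many still carry the default SSID
    pattern, and how many are open (no WPA/WEP in the auth string)."""
    pattern = re.compile(ssid_pattern)
    stats: Dict[str, Dict[str, int]] = defaultdict(
        lambda: {"total": 0, "default_ssid": 0, "open": 0})
    for mac, row in networks.items():
        bucket = stats[oui(mac)]
        bucket["total"] += 1
        if pattern.match(row["SSID"]):
            bucket["default_ssid"] += 1
        if "WPA" not in row["AuthMode"] and "WEP" not in row["AuthMode"]:
            bucket["open"] += 1
    return {prefix: dict(counts) for prefix, counts in stats.items()}


def default_fraction(stats: Dict[str, Dict[str, int]], vendor_ouis: Iterable[str]) -> float:
    """Share of the vendor's observed APs that never left the default SSID.
    Keying on the OUI, not the name, keeps look-alike SSIDs from other
    hardware out of the numerator and denominator."""
    ouis = {o.upper() for o in vendor_ouis}
    total = sum(s["total"] for p, s in stats.items() if p in ouis)
    hits = sum(s["default_ssid"] for p, s in stats.items() if p in ouis)
    return hits / total if total else 0.0


def to_geojson(networks: Dict[str, Row], ssid_pattern: str) -> dict:
    """GeoJSON FeatureCollection of the default-named APs, ready to drop onto
    a map for the proliferation visualization."""
    pattern = re.compile(ssid_pattern)
    features: List[dict] = []
    for mac, row in networks.items():
        if not pattern.match(row["SSID"]):
            continue
        features.append({
            "type": "Feature",
            "geometry": {"type": "Point",
                         "coordinates": [float(row["CurrentLongitude"]),
                                         float(row["CurrentLatitude"])]},
            "properties": {"bssid": mac, "ssid": row["SSID"], "auth": row["AuthMode"]},
        })
    return {"type": "FeatureCollection", "features": features}


if __name__ == "__main__":
    DEFAULT_SSID = r"^ACME-[0-9A-F]{4}$"   # hypothetical vendor pattern
    nets = load_networks(SAMPLE_CSV)
    stats = survey(nets, DEFAULT_SSID)
    print(json.dumps(stats, indent=2))
    print("vendor default-SSID fraction:", default_fraction(stats, ["00:11:22"]))
    print(json.dumps(to_geojson(nets, DEFAULT_SSID)))
```

Deduplicating by BSSID before counting matters more than it looks: a scanner logs the same access point on every pass, and without that step a single router near the survey route inflates the “still on default” figure.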

By attending this talk, participants will gain first-hand insights into practical techniques to uncover vulnerabilities. This session seeks to be an interesting exploration of the implications of default credentials and additional insecure configurations to urge a proactive stance against the “Tyranny of the Default”.

Edward Warren has worked in Information Technology for over 5 years & currently serves as a Security Analyst at Sedara. In 2023, Edward found critical flaws in Wi-Fi Internet modems and Android applications & has a passion for researching emerging threats to user privacy. When not hunting for digital bugs he participates in various outdoor activities & also enjoys rearing biological bugs.