all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

One Million ASUS Routers Under Control: Exploiting ASUS DDNS to MITM Admin Credentials

Add to bookmarks
March 28, 2024, 4:54 p.m. | Black Hat

Black Hat www.youtube.com

...Notably, ASUS routers - of which around one million are exposed to the internet via port 8443/tcp (Shodan query: port:8443 os:"ASUSWRT") - display a distinct susceptibility. Investigation reveals the user-friendly "ASUS Router App" inadvertently alters router settings, making them accessible online.

Our research discovered that these routers, whether intended or not, configured via ASUS's DDNS, are susceptible to a man-in-the-middle (MITM) attack, which we identified, enabling the theft of admin credentials...

By: Masaki Kubo , Yoshiki Mori , Kanta Okugawa …

admin app asus asus routers control credentials display exploiting exposed internet investigation making mitm port query research router routers settings shodan tcp under

Visit resource

More from www.youtube.com / Black Hat

Black Hat Asia 2024 Highlights 2 days, 23 hours ago | www.youtube.com
asia black hat black hat asia black hat asia 2024
Startup Spotlight Competition at Black Hat 2 weeks, 5 days ago | www.youtube.com
bhusa blackhat cybersecurity infosec +1
Locknote: Conclusions and Key Takeaways from Day 2 1 month, 1 week ago | www.youtube.com
black hat black hat europe board board members +15
Locknote: Conclusions and Key Takeaways from Day 1 1 month, 1 week ago | www.youtube.com
black hat black hat europe board board members +16
Keynote: My Lessons from the Uber Case 1 month, 1 week ago | www.youtube.com
addition best practices case convicted +16
Keynote: Industrialising Cyber Defence in an Asymmetric World 1 month, 1 week ago | www.youtube.com
adversaries challenge cyber cyber defence +10
The Black Hat Europe Network Operations Center (NOC) Report 1 month, 1 week ago | www.youtube.com
back black hat black hat europe center +14
My Invisible Adversary: Burnout 1 month, 1 week ago | www.youtube.com
adversary attackers attacks burnout +11
The Magnetic Pull of Mutable Protection: Worked Examples in Cryptographic Agility 1 month, 1 week ago | www.youtube.com
analysis ask bad codeql +10

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Security Operations Manager-West Coast

@ The Walt Disney Company | USA - CA - 2500 Broadway Street
View on infosec-jobs.com

Vulnerability Analyst - Remote (WFH)

@ Cognitive Medical Systems | Phoenix, AZ, US | Oak Ridge, TN, US | Austin, TX, US | Oregon, US | Austin, TX, US
View on infosec-jobs.com

Senior Mainframe Security Administrator

@ Danske Bank | Copenhagen V, Denmark
View on infosec-jobs.com