all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

One Million ASUS Routers Under Control: Exploiting ASUS DDNS to MITM Admin Credentials

Add to bookmarks
March 28, 2024, 4:54 p.m. | Black Hat

Black Hat www.youtube.com

...Notably, ASUS routers - of which around one million are exposed to the internet via port 8443/tcp (Shodan query: port:8443 os:"ASUSWRT") - display a distinct susceptibility. Investigation reveals the user-friendly "ASUS Router App" inadvertently alters router settings, making them accessible online.

Our research discovered that these routers, whether intended or not, configured via ASUS's DDNS, are susceptible to a man-in-the-middle (MITM) attack, which we identified, enabling the theft of admin credentials...

By: Masaki Kubo , Yoshiki Mori , Kanta Okugawa …

admin app asus asus routers control credentials display exploiting exposed internet investigation making mitm port query research router routers settings shodan tcp under

Visit resource

More from www.youtube.com / Black Hat

Locknote: Conclusions and Key Takeaways from Day 2 2 weeks, 2 days ago | www.youtube.com
black hat black hat europe board board members +15
Locknote: Conclusions and Key Takeaways from Day 1 2 weeks, 2 days ago | www.youtube.com
black hat black hat europe board board members +16
Keynote: My Lessons from the Uber Case 2 weeks, 2 days ago | www.youtube.com
addition best practices case convicted +16
Keynote: Industrialising Cyber Defence in an Asymmetric World 2 weeks, 3 days ago | www.youtube.com
adversaries challenge cyber cyber defence +10
The Black Hat Europe Network Operations Center (NOC) Report 2 weeks, 3 days ago | www.youtube.com
back black hat black hat europe center +14
My Invisible Adversary: Burnout 3 weeks ago | www.youtube.com
adversary attackers attacks burnout +11
The Magnetic Pull of Mutable Protection: Worked Examples in Cryptographic Agility 3 weeks ago | www.youtube.com
analysis ask bad codeql +10
A World-View of IP Spoofing in L4 Volumetric DoS Attacks - and a Call to … 3 weeks, 1 day ago | www.youtube.com
attacks call cloudflare detection +10
Collide+Power: The Evolution of Software-based Power Side-Channels Attacks 3 weeks, 1 day ago | www.youtube.com
addition attacks build collide+power +14

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Open-Source Intelligence (OSINT) Policy Analyst (TS/SCI)

@ WWC Global | Reston, Virginia, United States
View on infosec-jobs.com

Security Architect (DevSecOps)

@ EUROPEAN DYNAMICS | Brussels, Brussels, Belgium
View on infosec-jobs.com

Infrastructure Security Architect

@ Ørsted | Kuala Lumpur, MY
View on infosec-jobs.com

Contract Penetration Tester

@ Evolve Security | United States - Remote
View on infosec-jobs.com

Senior Penetration Tester

@ DigitalOcean | Canada
View on infosec-jobs.com
View more jobs