Abstract
Wireless routers are common in the typical home and are becoming more so every year. While wireless networks can be convenient and provide many benefits they also have the potential to be insecure and vulnerable. Statistics show that a large percentage of wireless routers use weak or no encryption and many wireless routers still use their default password. This research analyzed the security of wireless routers, specifically the security of a standard Linksys wireless router. The research focused on CSRF attacks and the possibility for an attacker to modify a wireless router through such attacks. The results of the research were significant. Proof of concept code is provided that demonstrates a variety of different types of attacks that enable an attacker to modify a wireless router in order to gain complete and persistent control of the device.
Keywords
Web Application Security, CSRF, Cross-Site Request Forgery, Linksys, Wireless Routers
Date of this Version
5-7-2010
Department
Information Security
Department Head
Eugene Spafford
Month of Graduation
May
Year of Graduation
2010
Degree
Master of Science
Head of Graduate Program
Eugene Spafford
Advisor 1 or Chair of Committee
Melissa J. Dark
Advisor 2
Anthony H. Smith
Committee Member 1
Phillip T. Rawles
Committee Member 2
Eugene H. Spafford