WLAN router horror stories

Abstract

It's about finding and exposing two weak password algorithms for the
standard-passwords for WPA/WPA2 in widely deployed
soho-home-dsl-wifi-voip-routers and what could be done with that
knowledge if you have malicious intents.

Planned content:
- History/Intro -> There have been cases like this before in other countries
- Finding targets -> Wardriving + Mapping (we know its "boring" so
this part will be kept short and focused on practical use)
- Router internals -> Firmware Unpacking/Reversing with IDA to read
some MIPS-Assembly (we will drink before we talk about this part, you
have been warned!)

more details about what we are focusing on

1. Telekom/Arcadyan Speedport 700V Router default password weakness
(http://www.heise.de/newsticker/meldung/WPA-Key-von-Speedport-Routern-zu-einfach-1062911.html)
2. Telekom Austria (Pirelli Broadband PRGAV4202N) Router default
password weakness
3. (more stuff)

Speaker