Although the technique may work on other devices as well, Canpolat tested a very popular router from Eircom, the ZyXEL P-660, and claims that by exploiting it a hacker could change and create administrator passwords, enable local admin login, restart the device, change the device's firmware and much more.
All an attacker needs in order to gain access to the router is the victim's IP address, a task that is not difficult for anyone, let alone a skilled hacker. If the IP address is dynamic, the attacker can use a service such as DynDNS to make sure he can still reach the device once the address changes.
The IP address is needed for the piece of software that does the rest of the work. RouterPWN is a tool presented by researcher and security consultant Pedro Joaquin at Shmoocon 2012 as part of a presentation called "A Mobile Router Exploitation Framework."
The simple application allows anyone to access a router within seconds and perform operations such as unauthorized reset or privilege escalation.
"Getting Admin access will allow you to destroy the box (requiring a hard reset), it will blatantly show you the WiFi Encryption Key, it will allow you to bring down the network's Firewall, it will blatantly show you others on the network giving you a guaranteed target for some NMAP Scanning & Metasploit Exploitation to literally hack into their computer and steal data," Canpolat wrote.