How I met ZynOS. A journey from compromised router to Zyxel’s OS internals. presented at ekoparty 2013

by Alexander Markov

Summary: It all started with my friend’s post on Facebook asking if it’s normal that his browser warns about an invalid SSL certificate for Google web pages, only when he browsed from his home. I took his TP-LINK router to my place and started investigating. I found that routers supplied by the main country TELKOM provider can be attacked from the web and admin access is easy to get. I scanned the IP range and found other infected routers. I wondered if they were put in some kind of botnet and whether the firmware was modified or not. I realized that ZynOS is such an unstudied subject; the only vulnerabilities published are those that can be found via the web interface. No code execution! More than 15 years!