Cross-Router Covert Channels Vulnerabilities


This is an interesting paper. It discusses ways to escape isolated networks by using protocols that are built into routers.

I understood much of what was being said, but there are a couple of things I’m not completely clear on. Some of the issues are due to crappy implementation on consumer routers. However, are routers like pfSense and the USG vulnerable to any of this? More specifically, are our networks potentially vulnerable due to compromised devices on an IoT network? If so, how significant is the risk, and what are best practices to mitigate that risk?

They have a breakdown on Bleeping Computer about this topic.

Short answer, it’s not that big of a threat right now.

Reminds me of this: in older Cisco equipment you could escape VLANs.

It sounded similar to a VLAN escape to me too. Hopefully someone doesn’t find a way to weaponize this. It sounds like a potentially dangerous pivot point for the millions of networks out there that are using routers like this. Granted most people aren’t segregating their IoT devices…
