Description: Embedded devices are becoming more and more pervasive, but little material is currently available on the exploitation of such devices. Few vulnerabilities are published, even fewer concern the possibility of executing arbitrary code, and exploits and shellcodes are nearly absent. Thorough security reviews are rarely performed on these devices, and the release of patches and fixes usually lags behind, lowering their overall security level. On the research side, work has focused mostly on the security of the wireless communications and their implementation, or on techniques for attacking devices with private addressing. On the other hand, not much has been published about the actual exploitation of these devices, which may in some cases be non-trivial due to specific challenges (e.g. non-x86 architecture, CPU cache incoherency, on-device debugging).
This talk aims to contribute to this field by demonstrating remote arbitrary code execution on Access Points, with specific reference to the Linux/MIPS platform, by leveraging many previously undisclosed vulnerabilities.
Devices from major manufacturers, all loaded with their stock firmware, are targeted, and multiple vulnerabilities allowing remote code execution on the target devices will be presented, discussed and demonstrated. Different kinds of flaws also bring different opportunities, depending on the attack range (e.g. whether the attack can be carried out over the Internet or only from the internal LAN) or on the need for authentication: the proposed vulnerabilities and demos have been chosen and designed to provide samples of different attacks, scenarios and opportunities. A remote root shell on the target device will be achieved in each demo. A "no-auth remote blind" attack scenario, where arbitrary code is run by a remote attacker over the Internet on a device placed in an internal LAN with private addressing, without any authentication, will also be demonstrated for at least one of the targets. Additional flaws found during the research, allowing remote extraction of credentials and keys, command injection and other interesting results, will also be presented.
Tags: securitytube, Confidence, hacking, hackers, information security, convention, computer security, Confidence 10, Confidence-2010