Welcome to Scribd. Sign in or start your free trial to enjoy unlimited e-books, audiobooks & documents.Find out more
Download
Standard view
Full view
of .
Look up keyword
Like this
1Activity
0 of .
Results for:
No results containing your search query
P. 1
How to: Exploit Embedded Devs - SANS 3rd Qrtr 2012

How to: Exploit Embedded Devs - SANS 3rd Qrtr 2012

Ratings: (0)|Views: 99|Likes:
Published by lil_king420

Exploiting Embedded Devices
The goal of this paper is to introduce a persistent backdoor on an embedded device.
The target device is a router which is running an embedded Linux OS. Routers are the main ingress and egress points to the outside world on a computer network, and as such are a prime location for sniffing traffic and performing man in the middle attacks. If an attacker controls your router they control your network traffic. Generally routers have weaker security than a modern desktop computer.

Exploiting Embedded Devices
The goal of this paper is to introduce a persistent backdoor on an embedded device.
The target device is a router which is running an embedded Linux OS. Routers are the main ingress and egress points to the outside world on a computer network, and as such are a prime location for sniffing traffic and performing man in the middle attacks. If an attacker controls your router they control your network traffic. Generally routers have weaker security than a modern desktop computer.

More info:

Categories:Types, School Work
Published by: lil_king420 on Feb 21, 2014
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

03/29/2014

pdf

text

original

 
SANS InstituteInfoSec Reading Room
This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission.
Exploiting Embedded Devices
The goal of this paper is to introduce a persistent backdoor on an embedded device. The target device is arouter which is running an embedded Linux OS. Routers are the main ingress and egress points to the outsideworld on a computer network, and as such are a prime location for sniffing traffic and performing man in themiddle (MITM) attacks. If an attacker controls your router they control your network traffic. Generallyrouters have weaker security than a modern desktop computer. These "always-on" devices...
      A      D
 
 
!"#$%&'( *+,- ./0.1
 
Exploiting Embedded Devices
GIAC (GPEN) Gold Certification
Author: Neil Jones, neil@neiljsecurity.co.uk  Advisor: Dominicus Adriyanto Accepted: October 14, 2012 Abstract The goal of this paper is to introduce a persistent backdoor on an embedded device. The target device is a router which is running an embedded Linux OS. Routers are the main ingress and egress points to the outside world on a computer network, and as such are a  prime location for sniffing traffic and performing man in the middle (MITM) attacks. If an attacker controls your router they control your network traffic. Generally routers have weaker security than a modern desktop computer. These

-
   
modern security mechanisms and are overlooked when it comes to computer security, yet these routers contain a large number of access vectors. This paper covers the process of detection, to exploitation and finally complete device modification.
 
Exploiting Embedded Devices
 
2  Neil Jones, neil@neiljsecurity.co.uk
1 Introduction
The majority of routers operate using a form of embedded Linux OS. This is an advantage to the majority of penetration testers as Linux is likely to be a familiar  platform to work with; however the distributions that routers tend to run are very optimised, and as such the entire firmware for a router is generally only a few Megabytes in size. Most routers manage to function on such a small footprint by implementing busybox (BusyBox, n.d). Busybox is a single binary with the functionality of many basic Unix utilities and it is a modular binary meaning it can be customised to the vendors specific requirements, as such not all busybox binaries will contain the same amount of functionality. By default services such as ftp and telnet (which are often good avenues for attack) will be included in the busybox binary. Hardware wise routers usually have a small amount of flash memory, which is split into  partitions for the firmware and configuration storage. It will have a large amount of RAM, which is usually a few times the size of the flash storage. The processors in the devices vary greatly but they are usually ARM or MIPS based, these are low cost  processors that have low power consumption, but this means that you have to compile applications specifically for that architecture. A devices firmware will consist of a firmware header, a boot loader, a Linux kernel and a file system. The Linux Kernel contained within the routers firmware is often outdated and liable to contain known exploits and security holes. Features such as Data Execution Prevention (DEP) and Address Space Layout Randomisation (ASLR) are not employed to help  prevent exploits from successfully taking over a system. The file system used on devices will vary and use compression techniques to save space. Squashfs (SQUASHFS, n.d) and cramfs(Free Electrons, n.d) are examples of file

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->