embedded devices
BLACK HAT WASHINGTON DC CFP NOW OPEN
Held February 16-19, 2009 at the Hyatt Regency Crystal City. Black Hat DC is
the leading security conference focused on the needs of government and
infrastructure security professionals, with tracks focused on Hardware and
Embedded Devices, Reverse Engineering and Malware, Client Wars and
Application Security, and Forensics and Network Protection. We hope to see
you there for another highly technical and refreshingly vendor-neutral
event.
Submitters will have until January 1 to get their papers into the Black Hat
We are mainly interested in talks on
Virtualization Stuff
Modern physical attacks (Eavesdropping/tapping, bugging devices, attacks on mobile devices)
Embedded Devices
Industrial Networking
Security in Carrier Environments
Secure Coding
If you think your talk could be appropriate for the "Defend Track" feel free to apply for that one. Be aware the audience will be different from the one you have at - say - CCC (and we've very few speaker slots left there, too). Of course you can apply for a sole late-night talk as well. Note that - given the attractiveness of Munich's night life - you might have a very small audience there.
# WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security
# Analysis of malicious code
# Applications of cryptographic techniques
# Analysis of attacks against networks and machines
# File system security
# Security of Embedded Devices
# Side Channel Analysis of Hardware Devices
Further details:
http://conference.hackinthebox.org/hitbsecconf2009kl/?page_id=292
- An Effective Methodology to Enable Security Evaluation at RTL Level
- Remote Code Execution Through Intel CPU Bugs
- Next Generation Reverse Shell
- Build Your Own Password Cracker with a Disassembler and VM Magic
- Decompilers and Beyond
- Cracking into Embedded Devices and Beyond!
- Client-side Security
- Top 10 Web 2.0 Attacks
===
PLEASE NOTE:
We do not accept product or vendor related pitches. If your talk
'libtorrent' is an open-source C++ bittorrent library by Rasterbar
Software that is used in many desktop applications and embedded devices.
Popular BitTorrent clients that use this library are 'firetorrent',
'qBittorrent' and 'deluge Torrent'. For a more comprehensive list
of libtorrent-based applications, see [1].
I have discovered an 'arbitrary file overwrite' vulnerability in
libtorrent that allows an attacker to create and modify arbitrary files
(and directories) with the effective rights of the user executing
the vulnerable libtorrent-based application.
> http://snipurl.com/29oo4
>
> [3] "Default key algorithm in Thomson and BT Home Hub routers"
> http://www.gnucitizen.org/blog/default-key-algorithm-in-thomson-and-bt-home-hub-routers/
>
> [4] "Cracking into embedded devices and beyond! - CONFidence, Krakow 2008"
> http://www.gnucitizen.org/projects/confidence-2008/Cracking%20into%20embedded%20devices%20-%20CONFidence%202K8.pdf
>
--
Adrian 'pagvac' Pastor | Security Consultant and White Hat Hacker | GNUCITIZEN
exposed admin interfaces (HTTP/SSH/Telnet/whatever) using default/weak
credentials.
While the Chuck Norris botnet is interesting in that it shows that the
problem is real, it shouldn't surprise anyone who has researched the
security of broadband embedded devices.
It's also not the first time an incident of this nature has happened.
I'm sure a lot of the list readers remember the mass-phishing attack
launched November 2007 [1] against several popular 2Wire broadband
routers in Mexico. The attack was accomplished by means of changing
http://www.gnucitizen.org/blog/default-key-algorithm-in-thomson-and-bt-home-hub-routers/
Yes, we're back with more embedded devices vulnerability research! And
yes, we're also back with more security attacks against the BT Home
Hub (most popular DSL router in the UK)!
As you know, we encourage folks in the community to team up with
GNUCITIZEN in different projects as we've had very successful
experiences doing so. This time it was Kevin Devine's turn. Kevin, who
is an independent senior security researcher, did an awesome job at
In the wild...
#########################################################################################
[Info]: Easy to use web server for Windows and UNIX. Mongoose provides simple and clean API
for embedding it into existing programs. Targeting Web application developers, embedded system developers,
and people who need to setup file sharing quickly.
[Site]: http://code.google.com/p/mongoose/
- Malware
- Protection/DRM
- Anti-reversing
- Static/runtime analysis
+ Hardware
- Embedded devices, consoles, femtocell
- Cellphones
- RFID, SDR (software defined radio)
- Side channel attacks
- Physical security (cameras, access control)
+ Protocol
directly from the ipcomp protocol handler. This recursive implementation fails
to check for stack overflow, and is therefore vulnerable to a remote
pre-authentication kernel memory corruption vulnerability.
The NetBSD/KAME network stack is used as basis for various other
operating systems, such as Xnu, FTOS, various embedded devices and
network appliances, and earlier versions of FreeBSD/OpenBSD (the code
has since been refactored, but see the NOTES section regarding IPComp
quines, which still permit remote, pre-authentication, single-packet,
spoofed-source DoS in the latest versions).
Overview:
Microsoft Windows Mobile 6 is the latest version of Microsoft's
mobile operating system. Designed for small embedded devices,
Windows Mobile is the CE feature set designed for PDA's and mobile
telephones. Microsoft Windows Mobile comes in three distinct
flavors, Pocket PC, Pocket PC Phone Edition and SmartPhone
A vulnerability has been discovered in the SMS handler on
http://snipurl.com/29oo4
[3] "Default key algorithm in Thomson and BT Home Hub routers"
http://www.gnucitizen.org/blog/default-key-algorithm-in-thomson-and-bt-home-hub-routers/
[4] "Cracking into embedded devices and beyond! - CONFidence, Krakow 2008"
http://www.gnucitizen.org/projects/confidence-2008/Cracking%20into%20embedded%20devices%20-%20CONFidence%202K8.pdf
--
Adrian 'pagvac' Pastor | Security Consultant and White Hat Hacker | GNUCITIZEN
gnucitizen.com
German ISP 'Alice' has been shipping custom embedded devices (DSL
modems/routers etc.) for the past few years. Their first self-branded
DSL modem, Alice Modem 1111, using firmware version 4.19, is prone to at
least the following two security vulnerabilities (after it has passed
initial configuration).
1. Denial of Service (DoS) via HTTP GET:
http://alice.box/natAdd?apptype=userdefined&rulename=%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E&waninterface=ipwan&inthostip1=192&inthostip2=168&inthostip3=1&inthostip4=99
After accessing this URL, the modem fails to accept any additional
* Network security
* Web application security
* Virtualization and cloud computing
* Innovative attack strategies
* Forensics
* Embedded devices
* Physical security and lock picking
* Biometrics
* Hardware hacking
* Phone phreaking
* Biohacking
* Honeypots
* Forensics
* Embedded devices
* Physical security and lockpicking
* Biometrics
Advisory URL: http://www.ikkisoft.com/stuff/LC-2009-01.txt
[Summary]
ZeroShell (http://www.zeroshell.net/eng/) is a small Linux distribution
for servers and embedded devices. This Linux distro can be configured
and managed with an easy to use web console.
ZeroShell is prone to an arbitrary code execution vulnerability due to
an improper input validation mechanism. An aggressor may abuse this
weakness in order to compromise the entire system.
'/config/configure-systems.html'. The injected code can perform any
actions within the context of the current session (full administrative
rights).
Although usually the SNMP write community string must be guessed/cracked
for a SNMP injection [1] attack to work, some embedded devices come with
SNMP read/write access enabled by default. Some examples include many
ZyXEL Prestige router models [2] used in residential and SOHO networks,
and also products used in corporate and government environments such as
the Proxim Tsunami MP.11 2411 Wireless Point-to-Multipoint System.
http://www.gnucitizen.org/projects/router-hacking-challenge/
The Router Hacking Challenge is Over! We've got some very interesting
results which prove that routers', and in general embedded devices',
security is poor. There is definitely more room for further
development and we urge security researchers and hobbyists to keep the
challenge alive with new submissions. I hope that the challenge was as
educational and entertaining as practical and useful to all of us.
Here is a quick summary, in no particular order, of the types of
SNMP Injection: Achieving Persistent HTML Injection via SNMP on Embedded
Devices
Introduction
In our earlier "ZyXEL Gateways Vulnerability Research" paper[1], we
introduced a new technique: SNMP injection a.k.a. persistent HTML