EXPLOITING EMBEDDED SYSTEMS THE SEQUEL!

More documents

Recommendations

Info

Locating VulnerabilitiesRouter attack points:• Wireless – use lorcon library for injecting packets• External interface (IDS, tcp stack)• LAN side (UPNP, web server, etc)• Vulnerabilities that are near-dead in the PC realm, are abundant• Check malloc returns! ☺Party like it’s 1999!Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 28
System-On-Chip Designs• Many chipset companies offer SoC designs with code integrated onchip• The API functions on-chip may then be called by the developer• Wireless SoC designs are very popular• SoC’s are used on most home routersA flaw in the wireless code would affect many devices!…and patching would be interesting!Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 29
Page 1 and 2: EXPLOITING EMBEDDEDSYSTEMSTHE SEQUE
Page 3 and 4: Embedded Architectures• MIPS and
Page 5 and 6: The ARM Architecture• RISC based
Page 7 and 8: The BDI2000JTAG Support for:• MIP
Page 9 and 10: The JTAG Interface - ARM/XSCALE•
Page 11 and 12: The Serial Interface• Support for
Page 13 and 14: Locating the JTAG pointsTypical sce
Page 15 and 16: Connecting the BDI2000Copyright ©
Page 17 and 18: Defeating the Watchdog• Software
Page 19 and 20: Debugging and Reversing• Flash on
Page 21 and 22: Debugging and Reversing• Decrypte
Page 23 and 24: New Attack Classes• Exploitable N
Page 25 and 26: New Attack Classes - Vector Rewrite
Page 27: New Attack Classes - Prevention•
Page 31 and 32: Exploitation (ARM)• The ARM proce
Page 33 and 34: ExploitationTwo Step Exploitation1
Page 35 and 36: Exploitation (ARM)Set remote config
Page 37 and 38: Exploitation• Successful exploit
Page 39 and 40: Firmware PatchConsiderations:• Ne
Page 41 and 42: Injector 2.0• Watch for downloads
Page 43 and 44: Exploit DemonstrationDEMO!Copyright
Page 45 and 46: Summary• Security flaws are abund

EXPLOITING EMBEDDED SYSTEMS THE SEQUEL!

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?