Bigger On The Inside


description

Talk for Penn State SRA Club on the challenges of doing security audits on systems including embedded devices in limited time and with a limited budget.

Transcript of Bigger On The Inside

Page 1: Bigger On The Inside

Bigger on the Inside:

The Tardis Effect on the Security of Embedded Systems

Image: http://www.flickr.com/photos/bupswee/2738391972/

Page 2: Bigger On The Inside

Problem space

Embedded systems are frequently overlooked during a security audit.

This can have surprising results during an actual incident.

Security auditors need to pay attention to devices that appear to have limited function, as they may be bigger on the inside.

Page 3: Bigger On The Inside

What is an embedded system?

“An embedded system is a computer system designed to perform one or a few dedicated functions often with real-time computing constraints. It is embedded as part of a complete device often including hardware and mechanical parts.”

-Wikipedia

http://www.flickr.com/photos/squeezyboy/3300595223/

Page 4: Bigger On The Inside

Why are they overlooked?

• Ubiquitous
• Small
• Appear limited
• Not sexy
• Lack of attack tools
• Cramped payloads

http://www.flickr.com/photos/cogdog/3771231430/

Page 5: Bigger On The Inside

Why are they vulnerable?

• Virtues of a programmer
  – Laziness, Impatience, Hubris
• Code re-use: BSD
• Systems reuse: Linux, Windows
• Lack of security orientation

Page 6: Bigger On The Inside

Who overlooks them?

• Rushed security auditors
• Busy sysadmins
• Unaware designers
• Tool-using hackers
• Internal bad actors? Well…
• High-level, determined attackers? Er…

http://www.flickr.com/photos/sophos_germany/3321595771/

Page 7: Bigger On The Inside

What happens when they fail?

• Device goes away
• Low-profile attack platform
• Opportunity to quietly mess with the victim
• Can operate quietly forever
• Possibly forensics resistant

http://www.flickr.com/photos/heinousjay/517339489/

Page 8: Bigger On The Inside

The Xerox Workcentre™ Unintentional Server

• BH 2006 Brendan O'Connor “Vulnerabilities in Not-So Embedded Systems”

• Multifunction copy/scan/print
• 1GHz AMD, 256MB, 80GB HDD
• Linux, Apache, Postgres
• Authentication bypass by switching URL
• Command injection to iptables from admin interface

Image: Courtesy of Xerox Corporation.

Page 9: Bigger On The Inside

Shmoocon Talk: Femtocell Fail

"Through the theoretical attack method outlined in our talk, the attacker would compromise the femtocell device to gain full root access over the device," Fasel said. "As the attacker has access to the device, any services the device offers [are] subject to the attacker's control, including voice, data, authentication and access to the femtocell's home network."

Zfasel, jaku, the information wants to be free!

http://www.flickr.com/photos/yourdon/4254008662/in/photostream/

Page 10: Bigger On The Inside

A Radio, and a Whole Lot More

• The information wants to be free…but so do I.
• Unnamed Radio System (URS)
• Software Radios
• Embedded Linux controller
• Blank root password, root allowed Telnet
• Ancient version of the commercial Linux

Image: http://www.flickr.com/photos/synthesisstudios/414382700/

Page 11: Bigger On The Inside

How can they be addressed?

• Research
• Scanners
• Fingerprinting
• Others…

http://www.flickr.com/photos/tjt195/380173157/

Page 12: Bigger On The Inside

Let’s Review

• Frequently skipped
• Best intentions lead to failure
• Best intentions fail to find them
• Worst intentions seem to, though
• Real-world examples exist
• Mix of techniques

http://www.flickr.com/photos/sheepbackcabin/3219647072/

Page 13: Bigger On The Inside

Wake up!

http://www.flickr.com/photos/walkn/3526522573/