This type of vulnerability is similar to the IP address-based session management holes which have been discussed in my previous post. It is similar in the sense that the web browser of the admin user who is currently logged into the vulnerable device doesn’t send any auth data such as session IDs or passwords. [...]
Devices that implement IP address-based session management follow the algorithm described by the pseudocode shown below:
The implications are obvious: devices located in environments in which different users share the same proxy are vulnerable to administrative session hijacking attacks. Please note that this session hijacking attack has nothing to do with the classic TCP hijacking attack in which sequence numbers are predicted by the attacker. [...]
OK, this is a bit of a funny attack - although it could also be used for criminal purposes! After playing with the BT Home Hub for a while (again!), pdp and I discovered that attackers can steal/hijack VoIP calls. Let me explain …
In summary, if the victim visits our evil proof-of-concept webpage, his/her browser sends an HTTP request to the BT Home Hub’s web interface. [...]
Leaving your WiFi network open is not a good idea. Bruce Schneier does not agree and wrote an interesting article. The following is an extract of it:
Although Bruce is making some good points regarding the smaller likelihood of being attacked via WiFi at home as opposed to a public place, he makes one mistake: he assumes the attack will be an attempt to compromise his PC/laptop or eavesdrop on his traffic. Of course these are valid attacks, but how about attacking his router? [...]
It’s known that UPnP is inherently insecure for a very simple reason: administrative tasks can be performed on an Internet Gateway Device (IGD) without needing to know the admin password whatsoever! This on its own is quite scary, and I personally feel that although there is some research in the public domain, much more attention needs to be paid to UPnP.
UPnP allows you to perform administrative functions. [...]
So now countries like the UK have converted most of their POS terminals to Chip and PIN. The idea is that if someone skimmed your magnetic stripe, they won’t be able to make a purchase without your PIN. Of course, in reality most of the skimmed magstripes are simply being shipped to countries where Chip-and-PIN-like systems haven’t been rolled out yet, which means that criminals will be able to make purchases without knowing your PIN. [...]
Although London enjoys one of the most vibrant infosec industries in the world, there are not as many hacker and security events as one would think. Meetings-wise, we have organizations such as 2600, Defcon, and OWASP among others. However, the number of attendees needs to be improved. Usually, having a turnout of 20 people at one of these meetings is considered a success in London. Not much for such a big city if you think about it. [...]
What is this post about? Well, this is something that pdp and I were playing with a few years ago. As you might already know, although we also do vulnerability research at GNUCITIZEN, what we like best is insecurity by design. There is nothing better than finding an attack vector that won’t be resolved by the vendor simply because the product is designed to follow certain behavior. Personally, from a security research point of view, I think that these attacks are the best. [...]
I really think that web interfaces are the low-hanging fruit of embedded devices. Sure, classic attacks such as predictable SNMP community strings, exposed TFTP services and buffer overflows still apply. However, by exploiting the web interface we can steal the data we want, we can enable remote access to the compromised router, we own the victim’s connection. In short, bugs in the web interface give us all we need! Anyway, enough talking! [...]
A couple of weeks ago, my wife pointed out to me this really cool appliance she saw in a magazine. Since she knows I like spending my free time hacking/researching embedded devices, she thought I’d be interested.
In summary, you hook up the Slingbox to your TV box, be it digital TV or cable. Then you can stream to your laptop, desktop computer or even mobile/cell phone. [...]