Comments on: Holes in Embedded Devices: Desynchronized service acting as backdoor http://www.gnucitizen.org/blog/holes-in-embedded-devices-desynchronized-service-acting-as-backdoor/ Information Security Think Tank Fri, 21 Nov 2008 21:51:13 +0000 http://wordpress.org/?v=2.6.3 By: Adrian 'pagvac' Pastor http://www.gnucitizen.org/blog/holes-in-embedded-devices-desynchronized-service-acting-as-backdoor/#comment-123066 Adrian 'pagvac' Pastor Thu, 24 Jul 2008 11:01:40 +0000 http://www.gnucitizen.org/blog/holes-in-embedded-devices-desynchronized-service-acting-as-backdoor#comment-123066 Just noticed a very nice example of a desynchronized service acting as a backdoor: http://www.milw0rm.com/exploits/5289 Even if the user changes the default password, there is still another management service which keeps using the original default pass. Simple vulnerability yet it has obvious serious implications. Just noticed a very nice example of a desynchronized service acting as a backdoor: http://www.milw0rm.com/exploits/5289

Even if the user changes the default password, there is still another management service which keeps using the original default pass. Simple vulnerability yet it has obvious serious implications.

]]> By: DamionKutaeff http://www.gnucitizen.org/blog/holes-in-embedded-devices-desynchronized-service-acting-as-backdoor/#comment-117170 DamionKutaeff Sun, 23 Mar 2008 00:43:50 +0000 http://www.gnucitizen.org/blog/holes-in-embedded-devices-desynchronized-service-acting-as-backdoor#comment-117170 Hello everybody, my name is Damion, and I'm glad to join your conmunity, and wish to assit as far as possible. Hello everybody, my name is Damion, and I’m glad to join your conmunity,
and wish to assit as far as possible.

]]> By: Adrian Pastor http://www.gnucitizen.org/blog/holes-in-embedded-devices-desynchronized-service-acting-as-backdoor/#comment-111486 Adrian Pastor Thu, 07 Feb 2008 21:34:26 +0000 http://www.gnucitizen.org/blog/holes-in-embedded-devices-desynchronized-service-acting-as-backdoor#comment-111486 @Ghost - although this issue is not usually a default setup on embedded devices, I assure you that there are real examples of this vulnerability out there. For instance, I'm currently working towards reporting a very severe issue to a vendor which is based on the same idea: an administrative service different to HTTP which runs by default allows remote access with a different set of credentials. Worst of all, such service is enabled on the WAN interface by default! Most likely I will be able to present this vulnerability among many others on my "Cracking into Embedded Devices and Beyond!" presentation @ HITB Dubai: http://conference.hackinthebox.org/hitbsecconf2008dubai/?page_id=186 @Ghost - although this issue is not usually a default setup on embedded devices, I assure you that there are real examples of this vulnerability out there.

For instance, I’m currently working towards reporting a very severe issue to a vendor which is based on the same idea: an administrative service different to HTTP which runs by default allows remote access with a different set of credentials. Worst of all, such service is enabled on the WAN interface by default!

Most likely I will be able to present this vulnerability among many others on my “Cracking into Embedded Devices and Beyond!” presentation @ HITB Dubai: http://conference.hackinthebox.....age_id=186

]]> By: Adrian Pastor http://www.gnucitizen.org/blog/holes-in-embedded-devices-desynchronized-service-acting-as-backdoor/#comment-111198 Adrian Pastor Thu, 07 Feb 2008 09:54:19 +0000 http://www.gnucitizen.org/blog/holes-in-embedded-devices-desynchronized-service-acting-as-backdoor#comment-111198 @entombed - how about devices that come with telnet running by default? Are *all* admins checking if such services are enabled by default? How about home routers shipped by ISPs with telnet enabled by default on the WAN interface? Think about this for a second. We all remember the BeThere fiasco in which a backdoor account could be used to login to routers from the Internet via telnet: http://blogs.securiteam.com/index.php/archives/826 @entombed - how about devices that come with telnet running by default? Are *all* admins checking if such services are enabled by default?

How about home routers shipped by ISPs with telnet enabled by default on the WAN interface? Think about this for a second. We all remember the BeThere fiasco in which a backdoor account could be used to login to routers from the Internet via telnet: http://blogs.securiteam.com/index.php/archives/826

]]> By: Ghost http://www.gnucitizen.org/blog/holes-in-embedded-devices-desynchronized-service-acting-as-backdoor/#comment-111132 Ghost Thu, 07 Feb 2008 06:50:28 +0000 http://www.gnucitizen.org/blog/holes-in-embedded-devices-desynchronized-service-acting-as-backdoor#comment-111132 I've dealt with routers that have telnet off by default (or at least booted you as soon as you connected) but it was possible to enable them and be accessed by the default username and password. Dunno how many of them are out there that are like that but its interesting though. I’ve dealt with routers that have telnet off by default (or at least booted you as soon as you connected) but it was possible to enable them and be accessed by the default username and password. Dunno how many of them are out there that are like that but its interesting though.

]]> By: entombed http://www.gnucitizen.org/blog/holes-in-embedded-devices-desynchronized-service-acting-as-backdoor/#comment-110886 entombed Wed, 06 Feb 2008 18:45:09 +0000 http://www.gnucitizen.org/blog/holes-in-embedded-devices-desynchronized-service-acting-as-backdoor#comment-110886 If a specific service such as telnet is needed it's most likely the admin has changed the default password. Otherwise the service will be disabled anyway. If a specific service such as telnet is needed it’s most likely the admin has changed the default password. Otherwise the service will be disabled anyway.

]]>