Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Jun 22, 2015
[Title] Embedded Security in The Land of the Rising Sun
[Abstract] Embedded device security is an issue of global importance, and one that has grown exponentially over the last few years. Because of their slow patch cycles and the increasing difficulty of exploiting other,more traditional platforms, they have quickly become a favorite target for researchers and attackers alike. While deeply fragmented, each country has its own unique “footprint” of these devices on the Internet, based largely on the embedded devices distributed by major ISPs. We will use our survey of Japanese devices as an example of how, by fingerprinting and examining popular devices on a given country's networks, it is possible for an attacker to very quickly go from zero knowledge to widespread remote code execution.
During this talk, we provide an in-depth analysis of various routers and modems provided by popular Japanese ISPs, devices which we had never heard of on networks we had never used . We discuss how we approached surveying approximate market usage, reverse engineering obfuscated and encrypted firmware images, performing vulnerability analysis on the recovered binaries, and developing of proof-of-concept exploits for discovered vulnerabilities, all from the United States. In addition, we provide recommendations as to how ISPs and countries might begin to address the serious problems introduced by these small but important pieces of the Internet.
All vulnerabilities discovered were promptly and responsibly disclosed to affected parties.
[Bio] BEN SCHMIDT As the Lord Commander of Security Research at Narf Industries, Ben relentlessly penetrates complex systems, performing embedded device exploitation, malware analysis, penetration testing, and vulnerability research. He has discovered and reported major vulnerabilities in man popular products and platforms, such as Wireshark, Wordpress, Android, and various widely used embedded devices. He is a passionate practitioner of memory corruption, a strong believer in the awesome power of "strings", and a leading expert in the field of completely epic pwnage.
PAUL MAKOWSKI Paul Makowski serves as Narf Industries' Director of World Domination where he identifies problematic ideas (and means to fix them) deployed in places you might not expect. In his spare time, Paul enjoys studying cryptocurrency extensions, state of the art exploit mitigations, and reading manuals for deliciously complex processor architectures. His current area of interest is at the boundary between hardware and software, focusing on low-level software exploitation and the use of hardware-backed trust primitives.