1 March 2005: Stephen Lewis

SECURITY SEMINAR SERIES

Title: Embedded devices as an attack vector
Speaker: Stephen Lewis, University of Cambridge
Date: Tuesday, 1 March 2005, 16:15
Place: Lecture Theatre 2, William Gates Building

Abstract:

The use of embedded devices present on a network as a vector for attacks against endstations is a threat that has not yet been realized, despite the knowledge of a number of vulnerabilities affecting such devices. This is probably due to the resistance of such devices to reverse engineering: they frequently run custom operating systems on obscure architectures.

Using embedded devices as a vector for attack does, however, have two significant advantages:

  • Detection of the code running on the embedded device is much harder than it would be on a general purpose computer: few tools are available, and a severely limited interface is presented to the end user
  • Embedded devices in the form of network infrastructure provide an excellent platform for attack, because they are ideally placed for covert monitoring and insertion of traffic

When hard-to-detect malicious code can be uploaded to embedded devices on a network, a number of different attacks become feasible. A packet sniffer running on a network switch itself could be used to forward packets matching a particular signature to a third party. Packets could also be generated on the device itself, perhaps in order to mount attacks on end-systems. An attack mounted in this manner would be far harder to contain than one initiated from a normal PC, especially if the ability to reflash the firmware on the device were disabled by the inserted code.

I am currently working on reverse engineering the firmware present in a widely-used switch based around a Motorola 68EC020 processor, and aim to present a demonstration of the insertion of custom code into this device.