Network Attached Shell: N.A.S.ty Systems that Store Network Accessible Shells

Presented at Black Hat Europe 2014, Oct. 16, 2014, 10:15 a.m. (60 minutes).

Through extensive analysis, ISE has identified dozens of previously undisclosed, critical security vulnerabilities in numerous network storage devices from a handful of go-to manufacturers (e.g., Seagate, D-Link, Netgear). Vulnerabilities in network-attached storage not only expose stored data, but also provide a vantage point for further PWNAGE of the network infrastructure on which the storage system sits. Our research efforts focused on identifying vulnerabilities that yield administrative access (such as command injection, directory traversal, authentication bypass, memory corruption, and backdoors), and on quantifying the associated risk.

The attacks we developed demonstrate how unauthenticated attackers can compromise and control storage systems with and without user interaction.

Network-based storage systems are used in millions of homes, schools, government agencies, and businesses around the world for data storage and retrieval. With today's dependence on Internet-based services, virtualization technologies, and the need to access data from anywhere, storage systems are relied on more than ever. Similar to other network hardware (e.g., routers), these devices are purchased and installed by IT teams and home consumers with the expectation that the system is protected from the infamous hacker.

This presentation focuses on the "how to" and the implications of compromising network-based storage systems, but will conclude that the absence of security in not only storage hardware, but networking hardware in general, has left data unprotected and millions of networks vulnerable to exploitation.

Throughout this presentation, several vulnerabilities will be exploited in order to achieve the glorious ro0t (#) shell! This presentation will also showcase a self-propagating worm that is capable of exploiting network storage systems on both internal and external networks!


Presenters:

  • Jacob Holcomb - Independent Security Evaluators
    Jacob Holcomb (@rootHak42) - OSCE, OSCP, CEH: Residing in Baltimore, MD, Jacob works as a Security Analyst for Independent Security Evaluators (ISE). At ISE, Jacob works on projects that involve penetration testing, application security, network security, and exploit research and development. In addition to projects at work, coding, and his favorite pastime of EIP hunting, Jacob loves to hack his way through the interwebz and has responsibly disclosed several 0-day vulnerabilities in commercial products.
