Advanced SOHO Router Exploitation

Presented at DeepSec 2015 „DeepSec No. 9“, Nov. 19, 2015, 2:50 p.m. (50 minutes)

In this talk we will look into how a series of 0-day vulnerabilities can be used to hack into tens of thousands of SOHO routers. We will elaborate on the techniques that were used in this research to locate exploitable routers, discover 0-day vulnerabilities and successfully exploit them on both the MIPS and ARM platforms. The talk will cover the following topics:

  • Dumping and analyzing router firmware from an ISP-provided router
  • Tips and tricks for discovering vulnerabilities on the router
  • Identification of vulnerabilities
  • Explanation of how to write ARM / MIPS exploits
  • ROP gadgets used for writing ARM and MIPS proof-of-concept exploits
  • Post-exploitation concepts - creative use of exploits

Presenters:

  • Lyon Yang - Vantage Point Security
    Lyon Yang is a senior security consultant at Vantage Point Security with a research focus on embedded systems hacking and exploitation. He is from sunny Singapore, the world's first smart city. His regular discoveries of zero-days in a variety of router models have earned him a reputation as the go-to guy for router hacking in Singapore, where he has been hired to do firmware source code reviews on popular router models. He is currently working on a comprehensive testing framework for ARM- and MIPS-based routers, as well as on shellcode generation and post-exploitation techniques.
