Embedded management interfaces emerging massive insecurityEmbedded management interfaces emerging massive insecurity
  1. talk
  2. hacking

Embedded management interfaces emerging massive insecurity

Available Media

Publication (Pdf)

Slides (pdf)

ConferenceBlack Hat USA 2009
AuthorsHristo Bojinov , Elie Bursztein

Over the last few years, the number of devices that embed user-friendly management interfaces accessible from the network has drastically increased. These interfaces can be found on almost every kind of device, from lights-out management systems for PCs, to small SOHO NAS appliances, or photo frames.

In this talk, we will cover the attack surface of embedded management interfaces and pinpoint which parts of them are the most likely to be vulnerable, based on our evaluation of more than a dozen device models from different categories. In particular, we will review known yet underestimated implementation shortcuts that lead to vulnerabilities. To illustrate each shortcut, we will describe real-world vulnerabilities that we have found and exploited in devices from Intel, Linksys, Lacie, Samsung, and Dell among others.

newsletter signup slide

Get cutting edge research directly in your inbox.

newsletter signup slide

Get cutting edge research directly in your inbox.