Cracking into embedded devices and beyond! presented at HackLu 2008

by Adrian ‘pagvac’ Pastor,

Summary : The presentation covers cracking into embedded devices by exploiting vulnerabilities present on default software running on the target device with a focus on vulnerabilities that can be exploited remotely.
Personal discoveries will be covered, including vulnerabilities found in home/SOHO devices and also corporate appliances. Some interesting vulnerabilities found on embedded devices by other peers such as Kevin Devine will also be explained.
The types of vulnerabilities discussed include, but are not limited to:
UPnP and HTTP CSRF VoIP call jacking SNMP injection Phishing via Dynamic DNS poisoning Prediction of default WEP/WPA encryption keys Password leaks over SNMP Insecure default SNMP settings Authentication bypass Privilege escalaton Persistent HTML injection on admin consoles
Not only will *real attacks* be explored, but also the *consequences* of cracking into embedded devices. How nasty can it get after an embedded device has been exploited? How far does the rabbit hole go?