The perfect place for a backdoor (VM Hub 3.0) presented at BSidesManchester 2019

by Balazs Bucsay,

Summary : Testing embedded devices are mostly fun, in some cases it is like being in the 90’s looking for bugs that should be extinct by now. The Virgin Media’s Hub 3.0 was not different than that at all. After a few hours actively trying to find a bug in the system, a remote command execution bug was found, but that was just the beginning of this story.Over time, many other bugs were found and eventually a full chain of exploits was created which made it possible to control the device remotely with no user interaction and potentially take control over millions of these devices, installing backdoors in them in a way that would be extremely hard to find and investigate.