An Introduction to Hardware Hacking



With more and more IoT and embedded devices entering the market, hackers are starting to see firmware exploitation as a more viable mechanism for gaining access to networks and taking over machines. Many of these devices don’t include security mechanisms out of the box, can contain backdoors that provide easy shells, or contain a number of other vulnerabilities that can make them an easy point of entry into any network.


This blog post is the first in a series on how to dump and analyze the firmware of embedded devices. I will address the various ways we can access firmware and analyze it for vulnerabilities, so we can confirm whether the connected devices that are so prevalent in all our homes are really safe and secure.


The Badge Challenge


The first device we will be looking at is a conference badge. I got the idea from the badge challenge from a BSides Rochester event (Fig. 1). A badge challenge, for those who don’t know, is often run at security conferences where an electronic badge is provided to attendees. By their very nature, these badges house sensitive data, and the challenge revolves around finding vulnerabilities and data that can assist in the conference’s overall “Capture the Flag” hacking competition.


If you’ve never attended a BSides conference, I recommend looking at one near you (http://www.securitybsides.com/w/page/12194156/FrontPage).


Figure 1 – BSides Badge


The first thing we need to do when analyzing an embedded device like this badge is to identify the chips on the board. Generally, what we are trying to find is some sort of chip that store ..
