Slashdot Mirror


Researcher Has New Attack For Embedded Devices

tinkertim writes "Computerworld is reporting that a researcher at Juniper has discovered an interesting vulnerability that can be used to compromise ARM- and XScale-based electronic devices such as many popular routers and mobile phones. According to the article, the vulnerability would allow hackers to execute code and compromise personal information or re-direct internet traffic at the router level. Juniper plans to demonstrate not only the researcher's discovery, but also how he managed to use a common JTAG developed Boundary Scan to discover the vulnerability at this month's CanSecWest conference in hopes of shifting more of the black hat community to looking at devices instead of software."

6 of 86 comments

  1. Long on hype, short on details by russotto · · Score: 2, Insightful

    If the attack involves popping open the router and attaching wires to the JTAG port, I'm not going to worry about it.

  2. Re:Is the article suggesting by ePhil_One · · Score: 2, Insightful

    that Juniper wants the BLACK HAT hackers focusing on their hardware?

    Not on their hardware, but hardware in general. Show folks that those Linksys firewalls aren't as good as the Netscreen product which cost 5x to 100x more. I'm sure they are unreasonably confident in the security of their own product.

    --
    You are in a maze of twisted little posts, all alike.

  3. If you have physical access, you already won. by argent · · Score: 3, Insightful

    About the only part of the software industry that doesn't assume that you've already won if you've got physical access to the box (and getting into a JTAG port kind of implies that) are the folks who still have a dog in the DRM fight... and there's fewer of them every year.

  4. Re:Via JTAG? by yorgasor · · Score: 4, Insightful

    No, he used JTAG to discover the vulnerability. He will disclose how to take advantage of the vulnerability at the conference. He's just letting other people know they can peek into hardware using the JTAG interface as well.

    --
    Looking for a computer support specialist for your small business? Check out

  5. Re:Via JTAG? by QuasiEvil · · Score: 2, Insightful

    Difficult at best, impossible in 99.999% of cases. For the most part, in modern high speed digital design, all of the bus path lengths are close to the same for reasons of propagation delay. Also, you don't really want to induce current flow, you want to induce a DC voltage at exactly the right moment. As you'll remember, one of the components of induction is frequency, and you'd need to synchronize your induced peaks with exactly when the device was sampling.

    I'm not saying it's impossible, but it would be a herculean effort to even provide the most basic of anomalies reliably. Plus, well, most of your massive effort could be defeated by the $4 metal case. :)

  6. Re:Researcher Has New Attack For DOS by Anonymous Coward · · Score: 1, Insightful

    yah, that's called vmware.