Slashdot Mirror


Researcher Has New Attack For Embedded Devices

tinkertim writes "Computerworld is reporting that a researcher at Juniper has discovered an interesting vulnerability that can be used to compromise ARM and XScale based electronic devices such as many popular routers and mobile phones. According to the article, the vulnerability would allow hackers to execute code and compromise personal information or redirect internet traffic at the router level. Juniper plans to demonstrate not only the researcher's discovery, but also how he managed to use a common JTAG developed Boundary Scan to discover the vulnerability at this month's CanSecWest conference in hopes of shifting more of the black hat community to looking at devices instead of software."

4 of 86 comments

  1. Via JTAG? by Anonymous Coward · · Score: 5, Interesting

    Is this implying that it could be done remotely? The product I work on supports JTAG access via software, but if you can do that, you already own the box. (And have our internal hardware specifications.)

    If it's not remote, then what's the point? I thought it was already well-established that if you have physical access to the device you can do anything you want.

    1. Re:Via JTAG? by microbee · · Score: 2, Interesting

      I believe it requires physical access, so it's like "hacking own box". However, vendors typically do not grant full access (read: shell) to customers so very experienced customers (or competitors) could now use this method to get into the black box and find out more internal details.

  2. Re:Researcher Has New Attack For DOS by pytheron · · Score: 2, Interesting

    Hardly new! We were doing this way back in the warez scene on the Amiga. Whip out your favorite disassembler, change a few bne.w instructions to jump to the "it's authenticated!" code. Myself and a colleague even did this on the Palm Pilot. (Anyone remember that monkey that you fed crack pipes to on this?)

    --
    "I am not bound to please thee with my answers" [William Shakespeare]

  3. JTAG Is a tool, not an exploit by Anonymous Coward · · Score: 2, Interesting

    Barnaby used the JTAG to determine vulnerabilities in embedded hardware and the RTOS running on it. The vulnerability is not that he used a JTAG, or even that companies leave JTAG ports enabled on hardware (as I've seen clever hardware hackers pin out the chips themselves to re-enable a removed JTAG port). The point of this article, and much of the work Barnaby has been doing for the past couple years (http://research.eeye.com/html/advisories/published/AD20060714.html, also previous presentations at cansec, blackhat, and other confs), is that hardware is not safer than software. Hardware has a slightly higher cost of entry into the vulnerability research area, but it also offers a treasure trove of vulnerabilities for those willing to make the jump.