Abstract:
Most embedded devices have web interfaces written like it was 1998 and perl was still cool. We show how to use various problems in browser to find the vulnerable devices, how to use CSRF to interact with them and XSS to export data.

By getting the user just to visit a page under our control when on their home network it may be possible to: reflash firmware, dump and export the PSK from wifi extenders, reprogram DNS settings and/or run arbitrary commands.

if we can get a computer to join our fake “”free wifi access point”” we can also steal cookies – which can include full username and password in the case of particular devices.

Some of these issue have been fixed by the vendor in the case of BT, Netgear, D-link. Others are still outstanding – Coredy, Edimax, Netgear (again), Belkin.

Bio:
Jamie Riden has degrees in maths and computers, and AI and likes building and breaking stuff. In real life he’s a pen-tester but also writes some code as badly as you might imagine a pen-tester would. He has an Erdős number of 4, quite undeservedly.

Posted on Friday, February 17th, 2017 at 9:53 PM in talks | rss feed for comments| Both comments and pings are currently closed.