New research findings from Faraday go to DEF CON

Our research team presents:
Exploring the hidden attack surface of OEM IoT devices: pwning thousands of routers with a vulnerability in Realtek’s SDK for eCos OS. Octavio Gianatiempo (@ogianatiempo) and Octavio Galland (@GallandOctavio).
Friday, August 12th, 2022. Track 1.
In this era of remote work, corporate networks overlap with home networks and sensitive information abounds behind consumer-grade routers. But these devices might not be designed with security as a priority. Hence, Faraday’s security research team evaluated the top-selling home router in Argentina. In this research effort, they discovered an exploitable vulnerability that could allow an attacker to take control of this router remotely without requiring user intervention and under default settings. By exploiting this vulnerability, an attacker can execute their code on the device and modify any setting or even use the router to intercept traffic and scan for devices on the local network. When they tracked down the origin of this vulnerability, they found that it was part of the code that Realtek, the manufacturer of this router’s processor, provides to the vendors.
This finding implies that the same vulnerability can be found in other devices from different brands. After automating the detection of this vulnerability on a given firmware image, which is the code that controls a router, they found at least 13 models affected from 4 different vendors, amounting to over 130K vulnerable devices sold in Latin America alone. The presence of this vulnerability in multiple router models proves that the code shipped by Realtek as an OEM was never reviewed from a security standpoint in any step of the supply chain.
The researchers will present their findings at DEF CON 30 in a technical talk that delves into the inner workings of these routers, their real-time operating system called eCos, the details of this vulnerability, its detection, and how it can be exploited by an attacker to gain full control of an affected router.
Advisory:
https://www.realtek.com/
CVE:
https://cve.mitre.org/cgi-bin/
Speakers' Bios

Octavio Gianatiempo is a Security Researcher at Faraday and a Computer Science student at the University of Buenos Aires. He’s also a biologist with research experience in molecular biology and neuroscience. The necessity of analyzing complex biological data was his point of entry into programming. But he wanted to achieve a deeper understanding of how computers work, so he enrolled in Computer Science. As a Security Researcher at Faraday, he focuses on reverse engineering and fuzzing open and closed source software to find new vulnerabilities and exploit them.
Octavio Galland is a computer science student at Universidad de Buenos Aires and a security researcher at Faraday. His main topics of interest include taking part in CTFs, fuzzing open-source software and binary reverse engineering/exploitation (mostly on x86/amd64 and MIPS).
We will be posting the full article very soon. Stay tuned!
If you have any questions or requests, please get in touch with us: socialacc@faradaysec.com