By faradaysec | August 11, 2022 | 4 Minutes

New research findings from Faraday go to DEF CON

Our research team presents:

Exploring the hidden attack surface of OEM IoT devices: pwning thousands of routers with a vulnerability in Realtek’s SDK for eCos OS. Octavio Gianatiempo (@ogianatiempo) and Octavio Galland (@GallandOctavio).

Friday, August 12th, 2022. Track 1.

https://forum.defcon.org/node/241835

https://defcon.org/html/defcon-30/dc-30-schedule.html

In this era of remote work, corporate networks overlap with home networks and sensitive information abounds behind consumer-grade routers. But these devices might not be designed with security as a priority. Hence, Faraday’s security research team evaluated the top-selling home router in Argentina. In this research effort, they discovered an exploitable vulnerability that could allow an attacker to take control of this router remotely without requiring user intervention and under default settings. By exploiting this vulnerability, an attacker can execute their code on the device and modify any setting or even use the router to intercept traffic and scan for devices on the local network. When they tracked down the origin of this vulnerability, they found that it was part of the code that Realtek, the manufacturer of this router’s processor, provides to the vendors.

This finding implies that the same vulnerability can be found in other devices from different brands. After automating the detection of this vulnerability on a given firmware image, which is the code that controls a router, they found at least 13 affected models from 4 different vendors, amounting to over 130K vulnerable devices sold in Latin America alone. The presence of this vulnerability in multiple router models proves that the code shipped by Realtek as an OEM was never reviewed from a security standpoint at any step of the supply chain.

The researchers will be presenting their findings at DEF CON 30, in a technical talk that will delve into the inner workings of these routers, their real-time operating system called eCos, the details of this vulnerability, its detection, and how it can be exploited by an attacker to gain full control of an affected router.

Advisory:

https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2022-27255.pdf

CVE:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27255

Speaker Bios

Octavio Gianatiempo is a Security Researcher at Faraday and a Computer Science student at the University of Buenos Aires. He’s also a biologist with research experience in molecular biology and neuroscience. The necessity of analyzing complex biological data was his point of entry into programming. But he wanted to achieve a deeper understanding of how computers work, so he enrolled in Computer Science. As a Security Researcher at Faraday, he focuses on reverse engineering and fuzzing open and closed source software to find new vulnerabilities and exploit them.

@ogianatiempo

Octavio Galland is a computer science student at Universidad de Buenos Aires and a security researcher at Faraday. His main topics of interest include taking part in CTFs, fuzzing open-source software and binary reverse engineering/exploitation (mostly on x86/amd64 and MIPS).

@GallandOctavio

We will be posting the full article very soon. Stay tuned!

If you have any questions or requests, please get in touch with us: socialacc@faradaysec.com
