By faradaysec | August 11, 2022 | 4 Minutes

New research findings from Faraday go to DEF CON

Our research team presents:

Exploring the hidden attack surface of OEM IoT devices: pwning thousands of routers with a vulnerability in Realtek’s SDK for eCos OS. Octavio Gianatiempo (@ogianatiempo) and Octavio Galland (@GallandOctavio).

Friday, August 12th, 2022. Track 1.

https://forum.defcon.org/node/241835

https://defcon.org/html/defcon-30/dc-30-schedule.html

In this era of remote work, corporate networks overlap with home networks and sensitive information abounds behind consumer-grade routers. But these devices might not be designed with security as a priority. Hence, Faraday’s security research team evaluated the top-selling home router in Argentina. In this research effort, they discovered an exploitable vulnerability that could allow an attacker to take control of this router remotely without requiring user intervention and under default settings. By exploiting this vulnerability, an attacker can execute their code on the device and modify any setting or even use the router to intercept traffic and scan for devices on the local network. When they tracked down the origin of this vulnerability, they found that it was part of the code that Realtek, the manufacturer of this router’s processor, provides to the vendors.

This finding implies that the same vulnerability can be found in other devices from different brands. After automating the detection of this vulnerability on a given firmware image, which is the code that controls a router, they found at least 13 models affected from 4 different vendors, amounting to over 130K vulnerable devices sold in Latin America alone. The presence of this vulnerability in multiple router models proves that the code shipped by Realtek as an OEM was never reviewed from a security standpoint in any step of the supply chain.

The researchers will be presenting their findings at DEF CON 30, in a technical talk that will delve into the inner workings of these routers, their real-time operating system called eCos, the details of this vulnerability, its detection, and how it can be exploited by an attacker to gain full control of an affected router.

Advisory:

https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2022-27255.pdf

CVE:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27255

Speaker Bios

Octavio Gianatiempo is a Security Researcher at Faraday and a Computer Science student at the University of Buenos Aires. He’s also a biologist with research experience in molecular biology and neuroscience. The necessity of analyzing complex biological data was his point of entry into programming. But he wanted to achieve a deeper understanding of how computers work, so he enrolled in Computer Science. As a Security Researcher at Faraday, he focuses on reverse engineering and fuzzing open and closed source software to find new vulnerabilities and exploit them.

@ogianatiempo

Octavio Galland is a computer science student at Universidad de Buenos Aires and a security researcher at Faraday. His main topics of interest include taking part in CTFs, fuzzing open-source software and binary reverse engineering/exploitation (mostly on x86/amd64 and MIPS).

@GallandOctavio

We will be posting the full article very soon. Stay tuned!

If you have any questions or requests, please get in touch with us: socialacc@faradaysec.com
