Hacking a Device That Lives Inside the Matrix

[Gerardo Iglesias Galván] decided he wanted to try his hand at bug-bounty hunting — where companies offer to pay hackers for finding vulnerabilities. Usually, this involves getting a device or accessing a device on the network, attacking it as a black box, and finding a way in. [Gerrado] realized that some vendors now supply virtual images of their appliances for testing, so instead of attacking a device on the network, he put the software in a virtual machine and attempted to gain access to the device. Understanding the steps he took can help you shore up your defenses against criminals, who might be after more than just a manufacturer’s debugging bounty.

The device he attacked tried to secure itself. The bootloader was protected. The filesystems were encrypted. Did he get in? Read the story for yourself and find out.

As more projects connect to the Internet, there’s more opportunity for bad mischief. It wasn’t from hacking, but look how much trouble shutting down everyone’s Nest thermostats caused, not to mention the major internet outage caused by hacked cameras. We’ve talked about hardening Raspberry Pi projects before using things like two-factor authentication. Might not be enough, but its a start.

15 thoughts on “Hacking a Device That Lives Inside the Matrix

  1. I hope people doing such things also tell the wider public if they find companies put nefarious stuff for themselves in there. Nasty intrusion of privacy and such, or attempts to access stuff it should not access.

    1. Like Netgear Tp-Link D-link, Basically anyone that manufactures consumer grade Network equipment leaves doors everywhere, It’s absolutely intentional it’s bad because, We’ve got this DSL modem that anyone can just remotely query without logging in sending request to the Cli via HTTP without authentication no firmware update was ever created to fix it, the login details from simple running cat on the pwd file showed login info which then gives access to the remote email account and use of other ISP related services.

  2. If the security really matters, such keys should never be stored in the file system as is. They should be e.g. sealed with TPM chip storage root key or tied to secure boot. At minimum the real production keys should not be available in development VM images.

  3. Ever wonder why your phone suddenly gets hot in your pocket when you’re not using it.
    It’s a three letter agency uploading an updated image of it stupendously quickly. Co-processors and layers of abstraction, aren’t always a good idea.

  4. the proof is when a fully charged cellphone, when shut down, drains the battery faster then when it is “on” in standby, … interesting how such an occurence might only happen when in the presence of others in direct competetition for information andor mis-information, and may happen many times in such an identical situation involving identical groupes of people andor pwned devices…

    … of course im crazy; cellphones can not be hacked, thats impossible!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s