Showing posts from April, 2022

No Hardware, No Problem: Emulation and Exploitation

Vulnerability Hunting for Sport If you've been following our blog, you might notice some favoritism when it comes to embedded targets... We've been exploring the NETGEAR R7000 for several blog posts . This pattern stems from a number of product characteristics, one of which is that the device is easy to emulate in QEMU, which provides an alternative to testing the actual device and is much more researcher-friendly. While it's not strictly required, nor is it the only factor that we consider, it does make for a more enjoyable vulnerability research experience! In this blog post, we'll walk through emulating the R7000's UPnP daemon in QEMU to aid in the discovery and exploitation of vulnerabilities. Towards that end, this blog will demonstrate an exploit for a post-authenticated stack overflow vulnerability, and how to easily unpack the encrypted firmware updates for the R7000's Circle update daemon. Unpacking the R7000 Firmware The first step in emulating the

Connecting the Dots for Connected Security

It is undeniable that organizations, government agencies, and critical infrastructure providers face evolving cyber threats with increased volume and complexity. Securing your organization's information and assets requires the right amount of effort focused on appropriate areas. Cyber-Physical Systems Security  According to the National Institute for Standards and Technology (NIST), "Cyber-Physical Systems (CPS) comprise interacting digital, analog, physical, and human components engineered for function through integrated physics and logic. These systems will provide the foundation of our critical infrastructure, form the basis of emerging and future smart services, and improve our quality of life in many areas."  Automobiles, medical devices, building controls, automatic pilot avionics, and the smart grid are CPS examples. Each includes smart networked systems with embedded sensors, processors, and actuators that sense and interact with the physical world and support rea