Vulnerabilities in the Arduino Yun's OpenWrt and AVR sides (the Flash plugin is required to view the slides):
[https://prezi.com/ufthiwidvb_0/tfm-arduino-yun-security-iot/ TFM - Arduino Yun - Security IoT]
<syntaxhighlight lang="text" enclose="div">
OpenWRT-Debian-Kernel 3.3.8
Programming: Arduino IDE, no debugger - "try-and-error" with Serial.print()
Latest release image: 1.5.3, Nov 2014
AVR architecture, Linux environment
ROOT as default user: no local access control.
Vulnerable components
(Kali -> Nmap, Nessus):
Dropbear ssh 2011.54 -> DoS, remote execution...
BusyBox v1.19.4 -> execute arbitrary commands...
Kernel v3.3.8 -> DoS, gain privileges...
Critical paths:
/var/hosts -> pharming attack
/etc/opkg -> fake repository (SSLsniff)
/usr/bin/kill-bridge -> DoS, own malicious bridge
/rom/ -> persistence
No file integrity checks on boot.
No redirection to 443 (https).
Remote insecure configuration:
Deauthentication attack to create new free hotspot, capturing WPA/WPA2 handshakes...
Arduino environment:
・Device sensors not authenticated.
・No memory controls (heap overflow & stack overflow)
</syntaxhighlight>
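As an added defender-side example (not from the wiki page or the talk it summarises), a minimal boot-time baseline check for the critical paths the notes list, addressing the "no file integrity checks on boot" item. It assumes a BusyBox sh with sha256sum, as on OpenWrt, and the baseline file location is an assumption.

```shell
#!/bin/sh
# Added example, not part of the original notes. Assumes BusyBox sh with
# sha256sum (as on OpenWrt). Create the baseline from a known-good image,
# then run verify_baseline from /etc/rc.local (or an init script) on boot.

# Paths the notes name as critical (default list; constructed here).
CRITICAL_PATHS="/var/hosts /etc/opkg /usr/bin/kill-bridge"

# Record a hash for every regular file under the given paths.
# Usage: make_baseline <baseline-file> [path ...]
make_baseline() {
    baseline="$1"; shift
    [ $# -gt 0 ] || set -- $CRITICAL_PATHS
    : > "$baseline"
    for p in "$@"; do
        # /etc/opkg is a directory on recent images, so walk each path.
        find "$p" -type f 2>/dev/null | while read -r f; do
            sha256sum "$f" >> "$baseline"
        done
    done
}

# Compare current hashes with the baseline. Returns 0 if every file
# matches, 1 if any file was modified or removed; prints the offenders.
# Usage: verify_baseline <baseline-file>
verify_baseline() {
    baseline="$1"
    rc=0
    while read -r expected path; do
        [ -n "$path" ] || continue
        if [ ! -f "$path" ]; then
            echo "MISSING  $path"; rc=1; continue
        fi
        actual=$(sha256sum "$path" | cut -d' ' -f1)
        if [ "$actual" != "$expected" ]; then
            echo "MODIFIED $path"; rc=1
        fi
    done < "$baseline"
    return $rc
}
```

The baseline itself must live somewhere the attacker paths above cannot rewrite it (a read-only partition or a signed file), otherwise the check only confirms the attacker's own edits.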
= ToDo memo =