Embedded System Security

Titi Gu

on 18 February 2013

Transcript of Embedded System Security

Embedded System Security
Titi Gu

Print Me If You Dare

actions
it knows a lot of stuff...
reverse RFU format

HP IPG: 41% Market Share
Ships 40M units per year!

big questions first...
can embedded systems be exploited...?
have embedded systems been exploited...?
have your embedded systems been exploited...?
how do you know for sure...
what you want to do...

internet news machine...
"HP printers can be remotely controlled and set on fire, researchers claim" - ars technica
"Hackers could turn your printer into a flaming death bomb" - Gawker
"Can hackers really use your HP printer to steal your identity and blow up your house?" - gizmodo
WIRED... "HP HIT WITH LAWSUIT OVER FLAMING-PRINTER HACK"
"Security flaw in printers could expose business to hackers" - Huffingtonpost
"Could your printer be a trojan horse? Researchers say yes!" - CNET
"Columbia researchers show remote HP printer hijack" - betanews

56 Printer firmwares have been updated...
If your printer has been owned

how does a printer update its firmware...?
PRINT...!!
HP RFU file... (Remote Firmware Update)
PJL command..
a single PJL command...
a single PJL command without a signature...
no authentication mechanism...!!
MALICIOUS RFU = PRINTER MALWARE

Obvious Attack Vectors
active attack
reflexive attack

attack vectors...
active: directly connect to 9100/TCP
reflexive: embed RFU in document

who leaves their printers on the internet...?
fun stats gathered by vulnerable embedded device scanner
total vulnerable printer count: 76,995...
government printer count: 43 (16 in the U.S.)
printers named "PAYROLL": 9 (all edu's)
how many LaserJet units did HP ship in 2005 - 2009...?

digitally signed firmware == secure firmware

general purpose computing analogy
what if Microsoft said...
Windows is secure because we only allow code signed by Microsoft. That means you cannot run your own anti-virus code, but do not worry!
you would probably say...

general purpose computing analogy
what if HP said...
LaserJet is secure because we only allow code signed by HP. That means you cannot run your own anti-virus code, but do not worry!
again, you would probably say...

general mitigation
disable RFU updates
filter print-job content on print-server
isolate printers from sensitive networks

if i am the bad guy...
disable further RFU updates...
inject malware into flash drive...
lock all flash pages...

Swipe Me If You Dare

a simplified EMV transaction
E m V
Europay MasterCard Visa
"chip and pin"
payments based on cards
many customers have claimed that their cards have been stolen and used
banks claim EMV is "infallible", so...
victims do not get their money back
44% according to the latest figures

card authentication
card to terminal: card details, digital signature...
cardholder verification
terminal to card: PIN as entered by customer
card to terminal: PIN correct?
transaction authorization
terminal to card: description of transaction
card to terminal: transaction and other details
online transaction authorization
bank to terminal: transaction authorized

what is the problem...?
amount, currency, date, etc...
was PIN required
was PIN entered
did PIN verification fail
...
Terminal Verification Results (TVR)

guy in the middle needs to
tell the card that PIN is not required
tell the terminal that PIN was entered correctly

card authentication
card to fake terminal: messages relayed without modification
criminal enters 1234
cardholder verification
terminal to fake terminal: 1234 entered
fake terminal to terminal: PIN correct? YES!!
cardholder verification
transaction authorization
card to fake terminal: message relayed without modification
online transaction authorization
bank to terminal: transaction authorized

Bibliography
http://ids.cs.columbia.edu/sites/default/files/ndss-2013.pdf
http://www.bbc.co.uk/blogs/newsnight/susanwatts/2010/02/new_flaws_in_chip_and_pin_syst.html
http://www.cl.cam.ac.uk/~rja14/Papers/unattack.pdf
http://www.techrepublic.com/blog/security/chip-and-pin-the-technology-is-no-longer-secure/3153
http://redtape.nbcnews.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say?lite

Questions?

bricking a printer is pretty easy...
unbricking a printer is also easy...
idea: extract boot code
general computing
printing job
flash chip (NDA)

A case study of printer malware and chip card
printer malware
chip card

today's topics....
problem statement
under the hood
attack vector
effective solution
"new system" (10 yrs)
attack mechanism
"solution"

problem statement...
firmware update feature can be exploited to allow attackers to inject malicious firmware modifications into vulnerable embedded devices...
can you really remove the malware...?

General Computing SOLUTIONS...

Real Embedded Defense
defense should be well-known
no more obscure secret-sauce security
defense should be decoupled from OS
OS fortification is good but should not replace independent security software

printer malware
problem statement
under the hood
attack vector
effective solution

Chip Card
"new system" (10 yrs)
attack mechanism
"solution"
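The "filter print-job content on print-server" mitigation listed above, sketched as an added example that is not part of the original slides. It scans every PJL section of a job, including one re-entered mid-document as in the reflexive vector; the blocked command name `UPGRADE`, the function names and the sample jobs are assumptions made for illustration.

```python
import re

UEL = b"\x1b%-12345X"  # Universal Exit Language: puts the printer back in PJL mode

# Assumption: the slides do not name the PJL command that starts an RFU update.
# UPGRADE is used here; extend the tuple for the models in your fleet.
BLOCKED_PJL = ("UPGRADE",)

PJL_COMMAND = re.compile(rb"@PJL[ \t]+([A-Za-z]+)", re.IGNORECASE)


def pjl_commands(job: bytes):
    """Yield (offset, COMMAND) for each PJL command line in the job.

    PJL is read at the start of the stream and again after every UEL, so a
    document that embeds a second UEL mid-stream is scanned there as well.
    """
    starts = [0] + [m.end() for m in re.finditer(re.escape(UEL), job)]
    for pos in starts:
        while job[pos:pos + 4].upper() == b"@PJL":
            end = job.find(b"\n", pos)
            end = len(job) if end == -1 else end
            match = PJL_COMMAND.match(job, pos, end)
            if match:
                yield pos, match.group(1).decode("ascii").upper()
            pos = end + 1


def check_job(job: bytes):
    """Return (allowed, findings); findings lists blocked commands by offset."""
    findings = [(off, cmd) for off, cmd in pjl_commands(job) if cmd in BLOCKED_PJL]
    return (not findings, findings)


# Constructed sample jobs (payload bytes are zero filler, not firmware).
CLEAN_JOB = (UEL + b'@PJL JOB NAME="report"\r\n@PJL ENTER LANGUAGE=POSTSCRIPT\r\n'
             b"%!PS\nshowpage\n" + UEL + b"@PJL EOJ\r\n" + UEL)
ACTIVE_JOB = UEL + b"@PJL UPGRADE SIZE=16\r\n" + b"\x00" * 16 + UEL
REFLEXIVE_JOB = (UEL + b"@PJL ENTER LANGUAGE=PCL\r\n" + b"page data" + UEL
                 + b"@pjl upgrade size=16\r\n" + b"\x00" * 16 + UEL)

if __name__ == "__main__":
    for name, job in [("clean", CLEAN_JOB), ("active", ACTIVE_JOB),
                      ("reflexive", REFLEXIVE_JOB)]:
        print(name, check_job(job))
```

A filter like this only covers jobs that pass through the print server, so it complements the other two mitigations on the slide and does not replace them.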
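The chip-card slides rest on the card and the terminal ending up with different views of cardholder verification while the Terminal Verification Results show no failure. The following added example (not from the slides) models an issuer-side consistency check between the two views; `card_pin_verified` is a hypothetical field standing in for the card's own issuer-specific record, and all sample requests are constructed.

```python
from dataclasses import dataclass

# TVR byte 3: the cardholder-verification failures a terminal can report.
TVR3_FAILURES = {
    0x80: "cardholder verification was not successful",
    0x20: "PIN try limit exceeded",
    0x10: "PIN entry required, PIN pad not present or not working",
    0x08: "PIN entry required, PIN pad present, PIN not entered",
}
OFFLINE_PIN_CVMS = {0x01, 0x03, 0x04, 0x05}  # CVM Results byte 1, low 6 bits
CVM_SUCCESSFUL = 0x02                         # CVM Results byte 3


@dataclass
class AuthRequest:
    tvr: bytes               # 5 bytes, written by the terminal
    cvm_results: bytes       # 3 bytes, written by the terminal
    card_pin_verified: bool  # hypothetical field: the card's own record,
                             # decoded from issuer-specific card data


def tvr_failures(tvr: bytes):
    """Decode the cardholder-verification failure flags set in the TVR."""
    return [text for bit, text in TVR3_FAILURES.items() if tvr[2] & bit]


def terminal_claims_offline_pin(req: AuthRequest) -> bool:
    method, result = req.cvm_results[0] & 0x3F, req.cvm_results[2]
    return method in OFFLINE_PIN_CVMS and result == CVM_SUCCESSFUL


def issuer_check(req: AuthRequest):
    """Return the reasons to decline; an empty list means no objection."""
    reasons = tvr_failures(req.tvr)
    if terminal_claims_offline_pin(req) and not req.card_pin_verified:
        reasons.append("terminal reports PIN verified, card saw no PIN verification")
    return reasons


# Constructed requests. The relayed one differs from the honest one only in
# the card's own record; its TVR is identical.
CLEAN_TVR = bytes(5)
HONEST_PIN = AuthRequest(CLEAN_TVR, bytes.fromhex("410302"), True)
RELAYED = AuthRequest(CLEAN_TVR, bytes.fromhex("410302"), False)
SIGNATURE = AuthRequest(CLEAN_TVR, bytes.fromhex("1e0300"), False)
PIN_NOT_ENTERED = AuthRequest(bytes.fromhex("0000080000"),
                              bytes.fromhex("3f0000"), False)
```

The honest and relayed requests carry the same all-clear TVR, which is why a check on the TVR alone accepts both.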