pin2pwn: How to Root an Embedded Linux Box with a Sewing Needle

DEF CON 24

Presented by: Brad Dixon
Date: Saturday August 06, 2016
Time: 12:30 - 12:55
Location: Track Two

Security assessments of embedded and IoT devices often begin with testing how an attacker could recover firmware from the device. When developers have done their job well, you'll find JTAG locked-up, non-responsive serial ports, locked-down U-Boot, and perhaps even a home-brewed secure-boot solution. In this session you'll learn details of a useful hardware/software penetration technique to attempt when you've run out of easier options. We've used this technique on two commercial device security assessments successfully and have refined the technique on a series of test devices in the lab. This session will cover the prerequisites for successful application of the technique and give you helpful hints to help your hack! Best of all, this technique, while a bit risky to the hardware, is easy to try and doesn't require specialized equipment or hardware modification. We are going to take pieces of metal and stab them at the heart of the hardware and see what happens. For the hardware/firmware developer, you'll get a checklist that you can use to reduce your vulnerability to this sort of attack.

Brad Dixon

Brad Dixon once told his parents that if they gave him a Commodore 64 it would be the last computer he'd ever want. He never got that Commodore 64. Nevertheless, Brad managed to become a computer nerd at a young age. Brad studied Computer Engineering at Georgia Tech and jumped into embedded software engineering. He worked for many years helping developers to design embedded Linux into telecom, network, and mobile products. Brad also took a turn as a product manager for embedded development tools and a mobile location analytics product. At Carve Systems he hacks IoT, embedded, and Linux systems.

