XCS based hidden firmware modification on embedded devices

Boldizsár Bencsáth, L. Buttyán, Tamás Paulik

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Citations (Scopus)

Abstract

Most contemporary embedded devices, such as wireless routers, digital cameras, and digital photo frames, have Web-based management interfaces that allow an administrator to perform management tasks on the device from a Web browser connecting to the device's Web server. It has been shown earlier that many of these devices are vulnerable to Cross Site Scripting type attacks whereby some malicious JavaScript code can be injected in the Web pages stored on the device. When such infected pages are opened by the administrator, the malicious script is executed with admin privileges, and it can potentially fully compromise the embedded device. In this paper, we demonstrate that such full compromise of embedded devices is indeed possible in practice by showing how the injected malicious script can install an arbitrarily modified firmware on the device. We present the general framework of this kind of hidden firmware modification attack, and report on our proof-of-concept implementation that targets Planex MZK-W04NU wireless routers. In addition, we also show how this vulnerability can be exploited to install botnet clients on embedded devices, and by doing so, to create embedded botnets. Our work proves that the risk of this type of attack on embedded systems is considerable, and it will further increase in the future.

Original language: English
Title of host publication: 2011 International Conference on Software, Telecommunications and Computer Networks, SoftCOM 2011
Pages: 327-331
Number of pages: 5
Publication status: Published - 2011
Event: 19th International Conference on Software, Telecommunications and Computer Networks, SoftCOM 2011 - Split, Hvar, Dubrovnik, Croatia
Duration: Sep 15 2011 → Sep 17 2011

Other

Other: 19th International Conference on Software, Telecommunications and Computer Networks, SoftCOM 2011
Country: Croatia
City: Split, Hvar, Dubrovnik
Period: 9/15/11 → 9/17/11

Fingerprint

Firmware
Routers
Web browsers
Digital cameras
Embedded systems
World Wide Web
Websites
Servers
Botnet

Keywords

  • botnets
  • Cross Channel Scripting
  • Cross Site Scripting
  • Embedded systems
  • hidden firmware modification
  • malicious code
  • malware
  • security

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Software

Cite this

Bencsáth, B., Buttyán, L., & Paulik, T. (2011). XCS based hidden firmware modification on embedded devices. In 2011 International Conference on Software, Telecommunications and Computer Networks, SoftCOM 2011 (pp. 327-331). [6064451]

@inproceedings{c205e4c20edc47b495bbcb349579e8c5,
title = "XCS based hidden firmware modification on embedded devices",
keywords = "botnets, Cross Channel Scripting, Cross Site Scripting, Embedded systems, hidden firmware modification, malicious code, malware, security",
author = "Boldizs{\'a}r Bencs{\'a}th and L. Butty{\'a}n and Tam{\'a}s Paulik",
year = "2011",
language = "English",
isbn = "9789532900262",
pages = "327--331",
booktitle = "2011 International Conference on Software, Telecommunications and Computer Networks, SoftCOM 2011",

}

TY - GEN

T1 - XCS based hidden firmware modification on embedded devices

AU - Bencsáth, Boldizsár

AU - Buttyán, L.

AU - Paulik, Tamás

PY - 2011

Y1 - 2011

KW - botnets

KW - Cross Channel Scripting

KW - Cross Site Scripting

KW - Embedded systems

KW - hidden firmware modification

KW - malicious code

KW - malware

KW - security

UR - http://www.scopus.com/inward/record.url?scp=81455139203&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=81455139203&partnerID=8YFLogxK

M3 - Conference contribution

SN - 9789532900262

SP - 327

EP - 331

BT - 2011 International Conference on Software, Telecommunications and Computer Networks, SoftCOM 2011

ER -