debugmo.de :: Almost Secure

submited by
Style Pass
2024-10-31 09:00:04

Filed under Hacking Projects

Vulnerabilities are like good ideas - you’re rarely the first one dealing with it. Some vulnerabilities are almost classic, so I’ll proudly present: 7 old but surprisingly useful bugs that might also affect YOUR device.

Just to be clear: none of these exploits are rocket science. This is kind of the “low tech” hacking approach - no fancy oscilloscopes required, no DPA involved, no FIB to rent. There’s not even code to disassemble!

The first vulnerability is a classic oversight. It applies to many devices that are accepting a mass-storage device (for example USB or micro-SD) and are somehow exposing the contents of this to the outside world. This includes WLAN/3G access points with a “file share” ability, NAS and a lot of special purpose devices. Slightly linux-centric (but I’m sure it applies to many other operating systems as well), these devices usually try to support multiple filesystems by using the equivalent of the “mount -t auto”, automatically trying all filesystems from /proc/filesystems when mounting, until one filesystem handler succeeds in mounting.

While supporting multiple filesystems is normally meant to support FAT, NTFS and maybe HFS+, most kernels also have ext2/ext3 support compiled in; sometimes the rootfs of these devices also uses ext2. This means that if you attach an ext2 formatted storage device, it will be mounted as well. If the device exposes access to this filesystem, it gives you a lot of toys to play with: symlinks, device nodes and all the fancy features.

Leave a Comment
Related Posts