We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Breaking Google Home: Exploit It with SQLite(Magellan)

23
 Zitieren
 Teilen
 Herunterladen
 Bestellen
Kein Logo verfügbarDEF CON
 Qian, Wenxiang Li, YuXiang Wu, HuiYu

Formale Metadaten

Titel
Breaking Google Home: Exploit It with SQLite(Magellan)
Serientitel
Anzahl der Teile
335
Autor
Lizenz
CC-Namensnennung 3.0 Unported:
Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen.
Identifikatoren
Herausgeber
Erscheinungsjahr
Sprache

Inhaltliche Metadaten

Fachgebiet
Genre
Abstract
Over the past years, our team has used several new approaches to identify multiple critical vulnerabilities in SQLite and Curl, two of the most widely used basic software libraries. These two sets of vulnerabilities, which we named "Magellan" and "Dias" respectively, affect many devices and software. We exploited these vulnerabilities to break into some of the most popular Internet of things devices, such as Google Home with Chrome. We also exploited them on one of the most widely used Web server (Apache+PHP) and one of the most commonly used developer tool (Git). In this presentation, we will share how we try to crack the Google Home from both hardware and software aspects, get and analyze the newest firmware, solve the problem, and introduce new methods to discover vulnerabilities in SQLite and Curl through Fuzz and manual auditing. Through these methods, we found "Magellan", a set of three heap buffer overflow and heap data disclosure vulnerabilities in SQLite ( CVE-2018-20346, CVE-2018-20505 CVE-2018-20506 ) We also found "Dias", two remote memory leak and stack buffer overflow vulnerabilities in Curl ( CVE-2018-16890 and CVE-2019-3822 ). Considering the fact that these vulnerabilities affect many systems and software, we have issued a vulnerability alert to notify the vulnerable vendor to fix it. We will disclose the details of "Magellan" and "Dias" for the first time and highlight some of our new vulnerability exploitation techniques. In the first part, we will introduce the results of our analysis on hardware, how to get the newest firmware from simulating an update request, and attack surface of Google Home. We will show how to use Magellan to complete the remote exploit of Google Home, we will also give a brefing talk about how to use Dias to complete the remote attack on Apache+PHP and Git. Finally, we will summarize our research and provide some security development advice to the basic software library developers. Wenxiang Qian Wenxiang Qian is a senior security researcher at the Tencent Blade Team. He is focusing on security research of IoT devices. He also do security audits for web browsers. He was on the top 100 of annual MSRC list (2016 & 2017 ). He published a book called "Whitehat Talk About Web Browser Security ". YuXiang Li YuXiang Li is a senior security researcher at Tencent Blade Team, specialized in the study of Mobile Security and IoT Security. He has reported multiple vulnerabilities of Android and received acknowledgments from vendors(Google/Huawei). He was a speaker of HITB AMS 2018 and XCON 2018. HuiYu Wu HuiYu Wu is a senior security researcher at Tencent Blade Team. Now his job is mainly focus on IoT security research and mobile security research. He was also a bug hunter, winner of GeekPwn 2015, and speaker of DEF CON 26 , HITB 2018 AMS and POC 2017.