IoT Village - Hacking the Zyxel NAS

CC-Namensnennung 3.0 Unported:
Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen.

Identifikatoren

10.5446/48862 (DOI)

Herausgeber

DEF CON

Erscheinungsjahr

2019

Sprache

Englisch

Inhaltliche Metadaten

Fachgebiet

Informatik

Genre

Konferenz/Talk

Abstract

"This talk will convey the hacking methodology that took place in order to find the vulnerabilities within the Zyxel NAS 326, including some fun dives into the technical weeds. Note: despite how critical security flaws are, they will be not fixed by the manufacturer. First, the talk will go over the how to dump the source code from the Zyxel NAS 326, as well as understanding the organization of the device. Once we understand how the device works, we will dive into 4 independent bugs discovered on the NAS: including two remote code executions bugs (RCE) and an arbitrary file move. All of the bugs will have a step-by-step walkthrough of how they were discovered and how to exploit them with live demos. "