When Firmware Modifications Attack: A Case Study of Embedded Exploitation
Author(s): Ang Cui, Michael Costello and Salvatore J. Stolfo
Download: Paper (PDF)
Date: 23 Apr 2013
Document Type: Presentations
Additional Documents: Slides
Associated Event: NDSS Symposium 2013
The ability to update firmware is a feature found in nearly all modern embedded systems. We demonstrate how this feature can be exploited to allow attackers to inject malicious firmware modifications into vulnerable embedded devices. We discuss techniques for exploiting such vulnerable functionality, implement a proof-of-concept attack against HP LaserJet printers, survey the vulnerable population, analyze known vulnerabilities in third-party libraries and discuss defenses.