Dror Crazy toaster

Presentation Transcript

“A Crazy Toaster: Can Home Devices turn against us?”:

Dror Shalev, SmartDefense Research Center, drors@checkpoint.com
ClubHack, 9/12/2007, Pune, India
India's own International Hackers Convention

Agenda: 

Introduction
Trust, technology and new privacy issues
Overview of home networking and early threats
Steps to create a Crazy Toaster Trojan
Demonstration
Side effect: Windows XP SSDP distributed DoS
Side effect Demonstration
TODO, Extended ideas
iPhone, iToaster & others (ClubHack edition)
Respect
Q&A

Introduction: 

Trust, technology & privacy issues: 

Common privacy issues:
Technology is about to replace the trust model we use today
People confuse people that know things with machines that know things
Do we care if Google's machines know that we would like to pay for porn?
Can this information be given to a human?

Trust models:
Usually we don't trust a human 100% to deal with what he knows about us
Should we trust corporations like Google?
Should we trust hardware and software vendors?

Overview of home networking: 

Home networking in Windows XP and in Windows Vista
Peer-to-peer networking of PCs, networked appliances and wireless devices
UPnP architecture
UPnP: overview of a distributed, open architecture based on TCP/IP, UDP and HTTP
IPv6 – Reintroduce old exploits (land attack MS06-064)
Security exploits and early threats

Overview of home networking: 

[Diagram labels: Wireless Connectivity, Wireless Access Point, Low-end Appliance, VoIP, Webpage with virus, Cell phone, Crazy Toaster, Media Center, Hacker]

Universal Plug and Play (UPnP): 

UPnP, IGDs, SSDP on XP: 

Simple Service Discovery Protocol (SSDP): 

On a default XP installation, no support is added for device control, as would be the case in an installation of UPnP from "Network Services".
Microsoft did, however, add default support for an "InternetGatewayDevice", to aid leading network hardware manufacturers in making UPnP-enabled "gateway devices".
[Diagram labels: Desktop, Wireless Access Point]

Early threats : 

Steps to create a Crazy Toaster Trojan: 

While researching SSDP & UPnP we realized that the protocols allow not only routers, media players, servers and other devices to connect seamlessly, but also attackers.
A “Crazy Toaster” scenario is possible: a Trojan device, or software with TCP/IP capabilities such as routers, media players or access points, joins the local area network and becomes a security hazard.
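A defensive check for the scenario above, as an added example that is not from the original slides: it parses SSDP NOTIFY advertisements and flags senders that are not in a device inventory, LOCATION URLs that point at a host other than the sender, and InternetGatewayDevice announcements that do not come from the real gateway. The inventory, addresses, USN and sample packets are constructed assumptions.

```python
from urllib.parse import urlparse

IGD = "urn:schemas-upnp-org:device:InternetGatewayDevice:1"

def make_notify(nt, location):
    """Build a constructed SSDP ssdp:alive advertisement for testing."""
    return ("NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
            "CACHE-CONTROL: max-age=1800\r\n"
            f"LOCATION: {location}\r\nNT: {nt}\r\nNTS: ssdp:alive\r\n"
            f"USN: uuid:constructed-0001::{nt}\r\n\r\n").encode()

def parse_ssdp(raw):
    """Parse a NOTIFY datagram into {UPPERCASE-HEADER: value}."""
    lines = raw.decode("utf-8", "replace").split("\r\n")
    if not lines[0].upper().startswith("NOTIFY * HTTP/1.1"):
        raise ValueError("not an SSDP NOTIFY")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers

def audit(sender_ip, raw, known_devices, gateway_ip):
    """Return findings for one advertisement (empty list: nothing flagged).
    A missing LOCATION header is reported as a host mismatch."""
    try:
        h = parse_ssdp(raw)
    except ValueError:
        return ["malformed"]
    if h.get("NTS") != "ssdp:alive":
        return []          # byebye/update messages are not audited here
    findings = []
    if sender_ip not in known_devices:
        findings.append("unknown-sender")
    if urlparse(h.get("LOCATION", "")).hostname != sender_ip:
        findings.append("location-host-mismatch")
    if h.get("NT") == IGD and sender_ip != gateway_ip:
        findings.append("igd-not-gateway")
    return findings

# Constructed inventory and traffic (assumptions, not from the slides).
KNOWN = {"192.168.1.1", "192.168.1.20"}
GATEWAY = "192.168.1.1"
SAMPLES = [
    ("192.168.1.1", make_notify(IGD, "http://192.168.1.1:5000/desc.xml")),
    ("192.168.1.77", make_notify(IGD, "http://192.168.1.50/desc.xml")),
]
for ip, pkt in SAMPLES:
    print(ip, audit(ip, pkt, KNOWN, GATEWAY) or "ok")
```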

Demonstration: 

Windows XP SSDP distributed DoS:

[Diagram labels: Xml, Kill, Crazy Toaster, Victim]

Side effect Demonstration: 

Conclusions: 

TODO, Extended ideas: 

iPhone, iToaster & Others:

Respect: 

Q&A: 

Q: Why hack a toaster?
A: Why not?
* Slides, Toaster and iToaster source code: http://www.drorshalev.com/dev/upnp/
