
A short security analysis of a well-known Chinese product via hardware reverse engineering

Primary language: C

butterBot

Google Slides: https://docs.google.com/presentation/d/1kiUCLniX6IFEdwLSxteiGC2UPougrE_lKhMI2BsJy64/edit?usp=sharing

Abstract

Many manufacturers "produce" similar products based on each other's technologies. To combat this potentially patent-infringing activity, companies are forced to put security measures in place to prevent this sort of criminal act. Despite these measures, it is still possible to reverse engineer these products. The purpose of this article is to demonstrate how to reverse engineer a "secure" product and to suggest additional security measures that can be used to prevent unauthorized attacks on future products. Additionally, I'll be showing the process of cross-compiling some code from an x86 machine to an ARM architecture.

Discovery: { will update as soon as I find more vulnerabilities }

  • Device is vulnerable to serial port jacking attacks
  • Private SDK was leaked onto the open web
  • This product was a result of leaked intel
  • Old passwords / usernames were saved within the device as plain text
  • Was able to brute-force shell login; best case: 6 hrs