Embedded Management Interfaces Emerging Massive Insecurity

Over the last few years, the number of devices that embed user-friendly management interfaces accessible from the network has drastically increased. These interfaces can be found on almost every kind of device, from lights-out management systems for PCs, to small SOHO NAS appliances, or photo frames. In this talk, we will cover the attack surface of embedded management interfaces and pinpoint which parts of them are the most likely to be vulnerable, based on our evaluation of more than a dozen device models from different categories. In particular, we will review known yet underestimated implementation shortcuts that lead to vulnerabilities. To illustrate each shortcut, we will describe real-world vulnerabilities that we have found and exploited in devices from Intel, Linksys, Lacie, Samsung, and Dell among others.


Share this paper on your favorite social network.

Stay in touch

Join the 35K awesome readers community!



Be in the Know

Join thousands of readers who receive my latest blog posts in their inbox.
No spam I promise and you can unsubscribe anytime.
Elie Bursztein © 2017
About Me

Recent entries