During our research, we found a 0day remote code execution vulnerability (CVE-2017-17215) in the Huawei home router HG532 model. The vulnerability allows remote users to execute arbitrary commands by injecting shell metacharacters into 2 elements (NewStatusURL, NewDownloadURL) in a POST request sent to upgrade the device's firmware. We have found hundreds of thousands of attempts in the wild to exploit it. Our investigation led to finding the threat actor, Kenneth Schuchman, a 20-year-old guy from Washington with the covered nickname of 'Nexus Zeta'. Although not seen as a highly professional hacker, he managed to succeed and we have found hundreds of thousands of attempts in the wild to exploit it. Following our research, Nexus Zeta was arrested and indicted on federal computer hacking charges in the US district court.
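For defenders reviewing captured HTTP traffic, the following added example (not code from the talk or from Check Point) flags POST bodies whose NewStatusURL or NewDownloadURL values contain shell metacharacters, including entity-encoded ones. The XML shape of the body, the `<Request>` wrapper and both sample bodies are assumptions constructed for illustration.

```python
import html
import re

# The two elements the abstract names as injection points.
WATCHED = ("NewStatusURL", "NewDownloadURL")

# Match <NewStatusURL>...</NewStatusURL>, with or without a namespace prefix.
# A regex is used instead of an XML parser so hostile or malformed XML
# cannot crash or stall the detector.
ELEMENT = re.compile(
    r"<(?:[\w.-]+:)?(%s)\b[^>]*>(.*?)</(?:[\w.-]+:)?\1\s*>" % "|".join(WATCHED),
    re.S,
)

# Characters a shell interprets. RFC 3986 allows a few of them in URLs,
# so treat a hit as a lead to triage, not as proof of exploitation.
SHELL_META = re.compile(r"[;&|`$(){}<>\\\n\r]")


def inspect_body(body):
    """Return [(element, [metacharacters])] for every watched element that trips."""
    findings = []
    for name, raw in ELEMENT.findall(body):
        # Decode XML entities first so '&#96;' is seen as a backtick.
        value = html.unescape(raw)
        hits = sorted(set(SHELL_META.findall(value)))
        if hits:
            findings.append((name, hits))
    return findings


# Constructed sample bodies (documentation-range IPs, harmless marker text).
BENIGN = (
    "<Request><NewStatusURL>http://192.0.2.10/status</NewStatusURL>"
    "<NewDownloadURL>http://192.0.2.10/fw.bin</NewDownloadURL></Request>"
)
SUSPICIOUS = (
    "<Request><NewStatusURL>http://192.0.2.10/status;constructed-marker</NewStatusURL>"
    "<NewDownloadURL>http://192.0.2.10/fw.bin&#96;constructed&#96;</NewDownloadURL></Request>"
)

if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, inspect_body(body))
```
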
Link to the relevant publication:
**Huawei Home Routers in Botnet Recruitment**
https://research.checkpoint.com/good-zero-day-skiddie/
Links to relevant articles:
**Satori botnet author in jail again after breaking pretrial release conditions - ZDNet**
https://www.zdnet.com/article/satori-botnet-author-in-jail-again-after-breaking-pretrial-release-conditions/
**Newbie Hacker Fingered for Monster Botnet - The Daily Beast**
https://www.thedailybeast.com/newbie-hacker-fingered-for-monster-botnet

Cyber Security Research Team Leader at Check Point Software Technologies. Prior to Check Point, I served as an Officer in the IDF Intelligence Corps 8200 Unit in various research and development roles. In addition, I hold an M.Sc. in Financial Mathematics and a B.Sc. in Applied Mathematics from Bar-Ilan University.
Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast