Help Irongeek.com pay for bandwidth and research equipment:
From Patch to Pwnd Hack3rcon 3 (Hacking Illustrated Series InfoSec Tutorial Videos)
From Patch to Pwnd
Hack3rcon 3
"Exploiting faulty firmware patch services to compromise MFP Devices" An in
depth examination of the patch/upgrade process on Xerox Multifunction devices,
for the purpose of exploitation. By taking advantage of faulty patch/upgrade
design we will show how an attacker can gain root level access privileges on MFP
devices. We will start our discussion by examining historical research, and
methods used in the past to compromise MFP devices in relationship to our attack
method. Following from there we will discuss the steps I took during my
research. This will include the evaluation of patch and firmware packages built
using Xerox Downloadable modules (DLM) format. Examining Xerox patch process,
including how they are obtained and deployed. We will Also discuss the structure
and extraction of data from DLMs. Leveraging this information we will
demonstrate how an attacker could easily create their own rogue DLMs and deploy
them to take aver a Xerox MFP device with root level privileges without needing
to authenticate. In conclusion we will discuss methods that could be used to
reduce or mitigate the risk caused by these issues.
Deral Heiland
Deral Heiland CISSP, serves as a Senior Security Engineer where he is
responsible for security assessments, and consulting for corporations and
government agencies. In addition, Deral is the founder of Ohio Information
Security Forum a not for profit organization.
