Paper

Hawaii International Conference on System Sciences/IEEE Computer Society: Api-do: Tools for Exploring the Wireless Attack Surface in Smart Meters

Security is critical for the wireless interface offered by soon-to-be-ubiquitous smart meters; if not secure, this technology provides an remotely accessible attack surface distributed throughout many homes and businesses. History shows, however, that new network interfaces remained brittle and vulnerable (although believed otherwise) until security researchers could thoroughly explore their attack surface.

Continue reading

PoC||GTFO: A Tourist's Guide to MSP430

This article in PoC||GTFO is a “quick-start” style guide for reversing engineering embedded systems. The goal is to get the reader situated with the MSP430 architecture as quickly as possible, so they can apply their other reversing experience to this platform.

Continue reading

PoC||GTFO: A Tourist’s Phrasebook for Reversing Embedded ARM in the Dialect of the Cortex M Series

This article in PoC||GTFO is a “quick-start” style guide for reversing engineering embedded systems. The goal is to get the reader situated with the ARM Cortex M architecture as quickly as possible, so they can apply their other reversing experience to this platform.

Continue reading

USENIX Workshop on Offensive Technologies: Packets in Packets: Orson Welles’ In-Band Signaling Attacks for Modern Radios

Presents methods for injecting raw frames at Layer 1 from within upper-layer protocols by abuse of in-band signaling mechanisms common to most digital radio protocols. This packet piggy-backing technique allows attackers to hide malicious packets inside packets that are permitted on the network.

Continue reading

Workshop on Embedded Systems Security: Perimeter-Crossing Buses: a New Attack Surface for Embedded Systems

Any channel crossing the perimeter of a system provides an attack surface to the adversary. Standard network interfaces, such as TCP/IP stacks, constitute one such channel, and security researchers and exploit developers have invested much effort into exploring the attack surfaces and defenses there. However, channels such as USB have been overlooked, even though such code is at least as complexly layered as a network stack, and handles even more complex structures; drivers are notorious as a breeding ground of bugs copy-pasted from boilerplate sample code.

Continue reading