When Firmware Modifications Attack: A Case Study of Embedded Exploitation

Author(s): Ang Cui, Michael Costello and Salvatore J. Stolfo

Download: Paper (PDF)

Date: 23 Apr 2013

Document Type: Presentations

Additional Documents: Slides

Associated Event: NDSS Symposium 2013

Abstract:

The ability to update firmware is a feature found in nearly all modern embedded systems. We demonstrate how this feature can be exploited to allow attackers to inject malicious firmware modifications into vulnerable embedded devices. We discuss techniques for exploiting such vulnerable functionality, implement a proof-of-concept attack against HP LaserJet printers, survey the vulnerable population, analyze known vulnerabilities in third-party libraries and discuss defenses.