Context on firmware security

https://twitter.com/CTXIS/status/897055250078715904

Part I: An Overview of Firmware Storage Options
By Scott Lester and Steven Day, 09 Aug. 2017

The security of a device’s firmware, as the first or an early part of a trusted chain, can have implications for the security of the whole system. At Context we often obtain the firmware for a device so that we can extract it and take a good look at the underlying code for both the operating system and applications. For a recent example see our blog on the Virgin Media SuperHub. This blog is the first in a series of blogs on how firmware is commonly stored on embedded devices, and the techniques for extracting it. This first blog covers how and where firmware can be stored on a device. Future blogs will focus on some of the cheap, and not-so-cheap, methods of extraction.[…]

https://www.contextis.com/resources/blog/part-i-overview-firmware-storage-options/
https://www.contextis.com/

Hacking the Virgin Media Super Hub

By Jan Mitchell and Andy Monaghan, 12 June 2017
Context’s Research team have looked at a large number of off-the-shelf home routers in the past and found them to be almost universally dreadful in terms of security posture. However, flagship routers from large ISPs such as BT, Sky and Virgin Media are notably absent from the regular stream of router vulnerabilities in the press. We were curious to discover if these routers were significantly more secure than their off-the-shelf cousins, so we decided to dedicate some of our public research time into looking at one of these devices. […]
The output in Figure 1 suggested that U-Boot is executing a boot script, which was definitely something we wanted to investigate. The first step was to obtain a copy of the bootloader by reading the Flash memory. Given we didn’t have the ability to input characters this would be somewhat tricky via software, so we fired up the hot air gun and removed the Spansion (S25FL129P) NAND flash chip. There are a number of ways to read data from a flash chip, all of which we will be detailing in another blog shortly. In our case, as our preferred I2C/Serial Peripheral Interface (SPI) reader was in another office we used a BeagleBone Black and a bit of Python to manually drive the chip’s SPI bus[…]

https://www.contextis.com/resources/blog/hacking-virgin-media-super-hub/
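The read-the-flash step quoted above, reconstructed as an added example rather than Context's own BeagleBone script. The S25FL129P is a serial (SPI) NOR part, which is why a plain SPI master is enough to read it: the reader asserts chip select, clocks out the JEDEC RDID opcode (0x9F) to identify the chip, then issues READ (0x03) with a 24-bit address and keeps clocking to stream data out. The code below factors the command framing away from the transport so the same logic runs here against a constructed in-memory chip (the ID bytes, image contents and the "U-Boot" marker are all made up for the demo) and on real hardware through Linux spidev; the spidev bus/device numbers, the `FakeSpiNor` class and the helper names are assumptions, not anything from the post.

```python
"""Dump a SPI NOR flash by driving its SPI bus directly (added example).

JEDEC SPI-NOR opcodes used:
  0x9F RDID  - read manufacturer/device ID (first three bytes are enough here)
  0x03 READ  - 24-bit big-endian address follows, then data streams out
Every SPI transfer is full duplex: we clock out the command plus as many
dummy bytes as we want back, and the chip's reply lands in those positions.
"""
import hashlib

RDID = 0x9F
READ = 0x03


def rdid_frame() -> bytes:
    """Opcode plus three dummy bytes; the ID arrives in the dummy slots."""
    return bytes([RDID, 0x00, 0x00, 0x00])


def read_frame(addr: int, n: int) -> bytes:
    """READ frame: opcode, 24-bit address, then n dummy bytes to clock data in."""
    if not 0 <= addr < (1 << 24):
        raise ValueError("READ (0x03) only carries a 24-bit address")
    return bytes([READ]) + addr.to_bytes(3, "big") + bytes(n)


def read_jedec_id(xfer) -> tuple:
    rx = xfer(rdid_frame())
    return rx[1], rx[2], rx[3]


def capacity_from_id(jedec_id) -> int:
    """Many SPI-NOR parts encode density as a power of two in the third ID
    byte (0x18 -> 2**24 = 16 MiB, a 128 Mbit part). This is a convention, not
    a guarantee: confirm against the datasheet before trusting the value."""
    return 1 << jedec_id[2]


def read_region(xfer, start: int, length: int, chunk: int = 4092) -> bytes:
    """Dump [start, start+length). 4092 data bytes + 4 command bytes stays
    under the 4096-byte default transfer limit of the Linux spidev driver."""
    out, addr = bytearray(), start
    while len(out) < length:
        n = min(chunk, length - len(out))
        rx = xfer(read_frame(addr, n))
        out += rx[4:4 + n]
        addr += n
    return bytes(out)


def dump_verified(xfer, length: int) -> bytes:
    """Read twice and insist both passes match: a loose clip or too-fast clock
    shows up as differing dumps, never as an error from the chip itself."""
    a, b = read_region(xfer, 0, length), read_region(xfer, 0, length)
    if hashlib.sha256(a).digest() != hashlib.sha256(b).digest():
        raise RuntimeError("dumps differ: check wiring/clock speed and retry")
    return a


def find_marker(image: bytes, marker: bytes) -> list:
    """Offsets of an ASCII marker (e.g. b'U-Boot') inside the dump."""
    hits, pos = [], image.find(marker)
    while pos != -1:
        hits.append(pos)
        pos = image.find(marker, pos + 1)
    return hits


def spidev_xfer(bus: int = 1, device: int = 0, hz: int = 1_000_000):
    """Real transport (assumed bus/device; check /dev/spidev* on your board).
    Needs the `spidev` package; returns a callable matching FakeSpiNor.xfer."""
    import spidev  # only required with hardware attached
    spi = spidev.SpiDev()
    spi.open(bus, device)
    spi.max_speed_hz, spi.mode = hz, 0
    return lambda tx: bytes(spi.xfer2(list(tx)))


class FakeSpiNor:
    """Constructed stand-in for the chip so the example runs with no hardware."""
    def __init__(self, jedec_id: bytes, contents: bytes):
        self.jedec_id, self.mem = jedec_id, contents

    def xfer(self, tx: bytes) -> bytes:
        rx = bytearray(len(tx))  # full duplex: reply is as long as the request
        if tx[0] == RDID:
            for i, b in enumerate(self.jedec_id[:len(tx) - 1]):
                rx[1 + i] = b
        elif tx[0] == READ:
            addr = int.from_bytes(tx[1:4], "big")
            for i in range(len(tx) - 4):
                rx[4 + i] = self.mem[(addr + i) % len(self.mem)]
        return bytes(rx)


# Constructed sample: mfr byte 0x01 with density byte 0x18, and a 64 KiB
# counting pattern with a "U-Boot" string spliced in at offset 0x100.
SAMPLE_ID = bytes([0x01, 0x20, 0x18])
_img = bytearray(bytes(range(256)) * 256)
_img[0x100:0x100 + 6] = b"U-Boot"
SAMPLE_IMAGE = bytes(_img)


def demo():
    chip = FakeSpiNor(SAMPLE_ID, SAMPLE_IMAGE)
    jid = read_jedec_id(chip.xfer)
    size = min(capacity_from_id(jid), len(SAMPLE_IMAGE))  # fake backs only 64 KiB
    image = dump_verified(chip.xfer, size)
    return jid, size, image, find_marker(image, b"U-Boot")


if __name__ == "__main__":
    jid, size, image, hits = demo()
    print("JEDEC ID %02x %02x %02x, read %d bytes, U-Boot at %s"
          % (jid[0], jid[1], jid[2], size, [hex(h) for h in hits]))
```

On real hardware swap `chip.xfer` for `spidev_xfer()` and use `capacity_from_id` only as a hint; the double-read check is the cheap test that catches the usual failures of a clipped-on or desoldered chip (marginal wiring, clock too fast for the leads) before any time is spent analysing a corrupt image.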

[Figure 1: U-Boot console output (image VM_1_uboot)]