A Fuzzer for Windows NDIS Drivers OID Handlers developed by @kiqueNissim of @IOActive: https://t.co/JSF9tm9CMM … anyone interested in fuzzing, in general, is welcome to a digital copy of @pedramamini's book on the matter: https://t.co/y0pVF1QKhj bit dated, but still applicable.
— InQuest (@InQuest) November 8, 2018
Tag: IOActive
IOActive: HooToo TripMate Routers are Cute But Insecure
Monday, April 23, 2018
HooToo TripMate Routers are Cute But Insecure
By Tao Sauvage
[…] While HooToo TripMate routers are cute, they are also extremely insecure. Multiple memory corruptions, multiple OS command injections, arbitrary file upload, and arbitrary firmware update: all of them unauthenticated.[…]
http://blog.ioactive.com/2018/04/hootoo-tripmate-routers-are-cute-but.html
https://www.hootoo.com/hootoo-tripmate-ht-tm05-wireless-router.html
Intel Graphics Driver for Windows: DoS vulnerability
Excerpt of the advisory below; see the full advisory for the list of impacted drivers.
DoS in Kernel in multiple versions of the Intel Graphics Driver allows local attacker to perform a DoS via an Out of Bounds Read
Intel ID: INTEL-SA-00077
Product family: Mobile, Desktop, Server, Workstation, and Embedded processors based on Intel® Core™ and Atom™ Processors using an affected driver.
Impact of vulnerability: Denial of Service
Severity rating: Moderate
Original release: Jul 31, 2017
Last revised: Aug 01, 2017
Out-of-bounds read condition in older versions of some Intel® Graphics Driver for Windows code branches allows local users to perform a denial of service attack. Intel recommends that users download and upgrade to the latest supported driver. Intel would like to thank Enrique Nissim of IOActive for reporting this issue and working with us on a coordinated disclosure.
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00077&languageid=en-fr
Reversing U-Boot-based BHU WiFi uRouter
https://twitter.com/pauldanckaert/status/768088971477852161
Tao Sauvage of IOActive has a blog post on reversing the U-Boot-based BHU WiFi uRouter to find multiple vulnerabilities:
[…] The BHU WiFi uRouter, manufactured and sold in China, looks great – and it contains multiple critical vulnerabilities. An unauthenticated attacker could bypass authentication, access sensitive information stored in its system logs, and in the worst case, execute OS commands on the router with root privileges. In addition, the uRouter ships with hidden users, SSH enabled by default and a hardcoded root password…and injects a third-party JavaScript file into all users’ HTTP traffic. In this blog post, we cover the main security issues found on the router, and describe how to exploit the UART debug pins to extract the firmware and find security vulnerabilities. […]
http://blog.ioactive.com/2016/08/multiple-vulnerabilities-in-bhu-wifi.html
Jeep firmware reversing research
ICIT Brief: Who’s Behind the Wheel? Exposing the Vulnerabilities and Risks of High Tech Vehicles
The July 2015 remote hack of a Jeep Cherokee by security researchers from IOActive served as a catalyst which made vehicle cybersecurity a top priority for the automotive industry, consumers and lawmakers. Since then, Chrysler has recalled 1.4 million Jeeps to patch vulnerabilities and lawmakers have proposed various pieces of legislation to address cybersecurity in vehicles, including the Security and Privacy in Your Car (SPY Car) Act from Senators Markey (MA) and Blumenthal (CT). In response to the need for legislative and agency education on the issue of vehicle cybersecurity, ICIT has partnered with its Fellow IOActive on a brief entitled “Who’s Behind the Wheel? Exposing the Vulnerabilities and Risks of High Tech Vehicles”. The brief provides a detailed breakdown of the July 2015 Jeep Cherokee hacking demonstration and an analysis of how hackers would behave during a ‘real-world’ attack. […]
