IOActive: HooToo TripMate Routers are Cute But Insecure

Monday, April 23, 2018
By Tao Sauvage

[…] While HooToo TripMate routers are cute, they are also extremely insecure. Multiple memory corruptions, multiple OS command injections, arbitrary file upload, and arbitrary firmware update: all of them unauthenticated. […]

http://blog.ioactive.com/2018/04/hootoo-tripmate-routers-are-cute-but.html

Security advisory (PDF): HooToo_Security_Advisory_FINAL_4.19.18.pdf

https://www.hootoo.com/hootoo-tripmate-ht-tm05-wireless-router.html

Intel Graphics Driver for Windows: DoS vulnerability

An excerpt of the advisory is below; see the full advisory for the list of impacted drivers.

DoS in Kernel in multiple versions of the Intel Graphics Driver allows local attacker to perform a DoS via an Out of Bounds Read

Intel ID: INTEL-SA-00077
Product family: Mobile, Desktop, Server, Workstation, and Embedded processors based on Intel® Core™ and Atom™ Processors using an affected driver.
Impact of vulnerability: Denial of Service
Severity rating: Moderate
Original release: Jul 31, 2017
Last revised: Aug 01, 2017

Out-of-bounds read condition in older versions of some Intel® Graphics Driver for Windows code branches allows local users to perform a denial of service attack. Intel recommends that users download and upgrade to the latest supported driver. Intel would like to thank Enrique Nissim of IOActive for reporting this issue and working with us on a coordinated disclosure.

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00077&languageid=en-fr

Reversing U-Boot-based BHU WiFi uRouter

Tao Sauvage of IOActive has a blog post on reversing the U-Boot-based BHU WiFi uRouter to find multiple vulnerabilities:

[…] The BHU WiFi uRouter, manufactured and sold in China, looks great – and it contains multiple critical vulnerabilities. An unauthenticated attacker could bypass authentication, access sensitive information stored in its system logs, and in the worst case, execute OS commands on the router with root privileges. In addition, the uRouter ships with hidden users, SSH enabled by default and a hardcoded root password…and injects a third-party JavaScript file into all users’ HTTP traffic. In this blog post, we cover the main security issues found on the router, and describe how to exploit the UART debug pins to extract the firmware and find security vulnerabilities. […]

http://blog.ioactive.com/2016/08/multiple-vulnerabilities-in-bhu-wifi.html

Jeep firmware reversing research

ICIT Brief: Who’s Behind the Wheel? Exposing the Vulnerabilities and Risks of High Tech Vehicles

The July 2015 remote hack of a Jeep Cherokee by security researchers from IOActive served as a catalyst which made vehicle cybersecurity a top priority for the automotive industry, consumers and lawmakers. Since then, Chrysler has recalled 1.4 million Jeeps to patch vulnerabilities and lawmakers have proposed various pieces of legislation to address cybersecurity in vehicles, including the Security and Privacy in Your Car (SPY Car) Act from Senators Markey (MA) and Blumenthal (CT). In response to the need for legislative and agency education on the issue of vehicle cybersecurity, ICIT has partnered with its Fellow IOActive on a brief entitled “Who’s Behind the Wheel? Exposing the Vulnerabilities and Risks of High Tech Vehicles”. The brief provides a detailed breakdown of the July 2015 Jeep Cherokee hacking demonstration and an analysis of how hackers would behave during a ‘real-world’ attack. […]

http://icitech.org/icit-brief-whos-behind-the-wheel-exposing-the-vulnerabilities-and-risks-of-high-tech-vehicles/