User Controls

Navigation

Niggas in Space > Technophiliacs & Technophiles > Telnet - an easy way to attack embedded devices

Telnet - an easy way to attack embedded devices

  1. 2016-09-09 at 8:09 AM UTC
    #1
    oatking Yung Blood
    https://en.blog.nic.cz/2016/09/01/telnet-is-not-dead-at-least-not-on-smart-devices/

    Really cool article, goes a long way in explaining how recently people started attacking embedded devices using plain old telnet, then using those devices to attack other devices via telnet. There's no technical know-how in that piece, but lots of graphs exploring when did this happen, what classes of devices are the most popular. I especially liked this point:

    These devices form an easy target as there is usually a “monoculture” of these devices, all having the same setup and same vulnerabilities.

    This reminds of windows in the late 90's/early 00's. One system, one browser - just send them an email with an executable attachment called "boobs.jpg.exe" and you're golden. It also motivated me to do more C since I see that being beneficial in getting talking with these little gizmos, something like this guy does here: http://jcjc-dev.com/2016/04/08/reversing-huawei-router-1-find-uart/
  2. 2016-09-09 at 8:15 AM UTC
    #2
    The Self Taught Man Black Hole
    Im not a compsci fag like most on this site but ive followed the history and news enough to see that this was bound to happen. I mean its embaressing because even I would have know telnet would be a retardedly easy target but its definitly not out of the bounds of reality.
  3. 2016-09-12 at 1:40 PM UTC
    #3
    oatking Yung Blood

    Im not a compsci fag like most on this site but ive followed the history and news enough to see that this was bound to happen. I mean its embaressing because even I would have know telnet would be a retardedly easy target but its definitly not out of the bounds of reality.

    Yeah, but that's just standard practice in this industry:

    Rich prep kid MBA/Girl with BA in psych. (project manager): I just promised the client that we'll push out this product next week, so chop chop!

    Developers: But, but we just announced it a week ago, we've barely got the spec outlined!

    Rich prep kid MBA/Girl with BA in psych. (project manager): Spare me your nerdy word soup you peasant, put in your 80 hours per week and get this done no matter what or ELSE!

    Developers: Yes betabro/ma'am, please don't hurt us!

    I might have turned up the sarcasm here a bit high, but 98% of management has no fucking clue what's happening - they can always wash their hands and blame engineering like VW is doing now.

    edit: Oh man, just look at this stuff: https://news.slashdot.org/story/16/09/11/0028238/malware-infects-70-of-seagate-central-nas-drives-earns-86400 EL OH EL
Jump to Top