Rick Ramgattie
Security Analyst
Independent Security Evaluators
Friends, Not Foes:  Rethinking the Researcher-Vendor Relationship
Disclosing vulnerabilities to a vendor that doesn’t seem to prioritize security the same way you do can be a source of pain. We may even find ourselves viewing the product vendor as the enemy during this process. But we are faced with a future where we must find common ground with vendors and successful collaborate with them. Between home, work, and public spaces, people will be interacting with a connected device whether they intend to do so or not. Imagine worrying about the security of the connected “smart” shower head in your hotel room. Silly, isn’t it? For this reason, it is important that we try to improve our methods of working with vendors, and those that can influence vendors into having a better security posture in this Industry. This keynote analyzes the business drivers, soft people skills, and other critical nuances inherent to a productive relationship between researchers and the product vendors from the perspective of us, the security researchers. This talk advocates for why we should reframe the relationship from what is sometimes an adversarial one to a collaborative one, and delivers a handful of strategies and tactics for how to do so.
Ian Sindermann
Associate Security Analyst
Independent Security Evaluators (ISE)
Talk: Router Hacking – A Start to Finish Demonstration
SoHo routers are the gateway to the Internet for most homes and small offices. In this live demo we will review the security of the D-Link DIR-865L router to show how we can chain vulnerabilities in both its web and storage interfaces to get root shell access. Our exploit code will grant the attacker full access to the device thus allowing them to spy on the user’s web traffic, redirect the user to phishing sites, or add the router to a botnet.
During this demo we illustrate that the router provides access to plugged in USB mass storage devices over an anonymous Samba share. Since the Samba server follows symbolic links, we can abuse this misconfiguration to explore the file system in entirety. Next, we will discuss how we identified and exploited a file inclusion vulnerability to take advantage of a race condition that resulted in execution of a modified shell script. By chaining these vulnerabilities together, we can launch an unauthenticated Telnet server, achieving persistent root access to the device.
More to come …