In print: windows.developer Magazin 10.2013 - Embedded (In)security
An article on the security of embedded devices appeared in windows.developer 10.2013. It presents theoretical and practical attacks on various embedded devices, for example
- the control computers of printers and multifunction devices,
- web servers in embedded devices in general, and
- insulin pumps and other medical technology in and on the human body.
And here are the links and references from the article:
- [1] Carsten Eilers: "Google Hacking: Portale und Netzwerkhardware finden"
- [2] Paul Ducklin, Sophos: "86,800 network printers open to the whole internet - is one of them yours?"
- [3] Exploit DB: "Brother HL-5370DW series auth bypass printer flooder"
- [4] Graham Cluley, Sophos: "HP LaserJet printers at risk of fiery hacker attack"
- [5] Paul Ducklin, Sophos: "FLAMING RETORT: Putting out the HP printer fires"
- [6] Graham Cluley, Sophos: "Have you patched your printer?"
- [7] Exploit DB: "Lexmark Multiple Laser printer Remote Stack Overflow"
- [8] Paul Roberts, Sophos: "Hard-coded password found in Samsung printers, security fix planned"
- [9] Paul Ducklin, Sophos: "HP printers in 1980s-style firmware misconfiguration boo-boo"
- [10] Graham Cluley, Sophos: "HP patches printer firmware flaw, but leaves customers guessing"
- [11] Carsten Eilers: "Was ist ein Advanced Persistent Threat (APT)?"
- [12] Carsten Eilers: "Drive-by-Infektionen - Gefahren drohen überall"
- [13] Michael Sutton, Black Hat USA 2011: "Corporate Espionage for Dummies: The Hidden Threat of Embedded Web Servers"
- [14] Basic Request Embedded Web Server Scanner (brEWS)
- [15] Internet Census 2012 (alternatively at bitbucket.org)
- [16] Internet Census 2012: Images
- [17] EXFiLTRATED - Internet Census 2012 Search
- [18] Kevin Poulsen, SecurityFocus: "Nachi worm infected Diebold ATMs"
- [19] Vanja Svajcer, Sophos: "Credit card skimming malware targeting ATMs"
- [20] Robert McMillan, CSO Blogs: "Diebold says hackers put Trojan on Russian ATMS"
- [21] Trustwave: "Automated Teller Machine (ATM) Malware Analysis Briefing" (PDF)
- [22] Brendan Lewis, Juniper: "Juniper’s Decision To Postpone 'Jackpotting Automated Teller Machines'"
- [23] Barnaby Jack, Black Hat USA 2010: "Jackpotting Automated Teller Machines Redux"
- [24] Dennis Fisher, Threatpost: "Throwback Barnaby Jack: Jackpotting ATMs"
- [25] Jerome Radcliffe, Black Hat USA 2011: "Hacking Medical Devices for Fun and Insulin"
- [26] Carsten Eilers: "Gap of War", windows.developer 7.2013
- [27] Barnaby Jack, Black Hat Abu Dhabi 2011: "Life Threatening Vulnerabilities"
- [28] S. Smithson, The Washington Times: "Insulin pumps, other medical devices vulnerable to computer hackers"
- [29] Jim Finkle, Reuters: "Exclusive: Medtronic probes insulin pump risks"
- [30] Jordan Robertson, Bloomberg: "Hacker Shows Off Lethal Attack By Controlling Wireless Medical Device"
- [31] Gadi Evron, Chaos Communication Camp 2007: "Hacking the Bionic Man"
- [32] Barnaby J. Feder, The New York Times: "A Heart Device Is Found Vulnerable to Hacker Attacks"
- [33] Daniel Halperin, Thomas S. Heydt-Benjamin, Benjamin Ransford, Shane S. Clark, Benessa Defend, Will Morgan, Kevin Fu, Tadayoshi Kohno, William H. Maisel: "Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses" (PDF)
- [34] FAQ for [33]
- [35] Archimedes – Ann Arbor Research Center for Medical Device Security
- [36] Barnaby Jack, IOActive Labs Research: "'Broken Hearts': How plausible was the Homeland pacemaker hack?"
- [37] Barnaby Jack, Black Hat USA 2013: "Implantable Medical Devices: Hacking Humans"
- [38] William Alexander, VICE Canada: "Barnaby Jack Could Hack Your Pacemaker and Make Your Heart Explode"
- [39] Black Hat USA 2013: Remembering Barnaby Jack
- [40] Amanda Holpuch, The Guardian: "Hacker Barnaby Jack dies in San Francisco aged 35"
- [41] Dennis Fisher, Threatpost: "Remembering Barnaby Jack"
- [42] Paul Roberts, Threatpost: "FDA: Software Failures Responsible for 24% Of All Medical Device Recalls"
- [43] Anna Saita, Threatpost: "FDA Urged to More Rigorously Evaluate Medical Devices' Security Risks"
- [44] Dennis Fisher, Threatpost: "Medical Device Security in Need of Major Upgrade"
- [45] Chris Brook, Threatpost: "FDA Warns Medical Device Manufacturers to Take Security More Seriously"
- [46] Die BHKW-Infothek: "Kritische Sicherheitslücke ermöglicht Fremdzugriff auf Systemregler des Vaillant ecoPOWER 1.0"
- [47] Charlie Miller, Black Hat USA 2011: "Battery Firmware Hacking"
- [48] Andy Greenberg, Forbes: "Hackers Reveal Nasty New Car Attacks--With Me Behind The Wheel (Video)"
- [49] ESET We Live Security: "'Car hackers' to show off how they can 'control' vehicles with a laptop"
- [50] Candid Wueest, Symantec: "When Car Hacking Turns Your Vehicle into a Video Game"
- [51] Paul Ducklin, Sophos: "What WERE they thinking? Internet-enabled cameras under the security lens once again..."
- [52] Zachary Cutlip, Black Hat USA 2012: "SQL Injection to MIPS overflows: Rooting SOHO Routers"
- [53] Juan Vazquez, Metasploit: "Compromising Embedded Linux Routers with Metasploit"
- [54] Ben Nahorney, Symantec: "Linux.Psybot—Is Your Router Secure?"
- [55] HD Moore, Metasploit: "Whitepaper: Security Flaws in Universal Plug and Play: Unplug, Don't Play."
- [56] Carsten Eilers: "RSA und die schwachen Schlüssel, Teil 2: Die Schlüssel"
- [57] Carsten Eilers: "RSA und die schwachen Schlüssel, Teil 3: Die Gefahren"