Supply Chain Risk: The HiSilicon Backdoor The HiSilicon / Xiongmai Backdoor and 3rd Party Component Risk Last week saw a flurry of news about a research report by Vladislav Yarmak describing a backdoor in the firmware of DVR/NVR devices built using the video...
Reverse Engineering My Router’s Firmware with binwalk Author: Sergio Prado (reposted with permission) A few days ago I decided to reverse engineer my router’s firmware image with binwalk. I’ve bought the TP-Link Archer C7 home router. Not one of the best, but...
Identifying the Cable Haunt Vulnerability Using the Centrifuge Platform® Cable Haunt is a critical vulnerability in the firmware of cable modems disclosed in January 2020 by the team at Lyrebirds in Denmark. With this vulnerability external attackers can exploit a...
D-Link: A Firmware Security Analysis – Part 4 Firmware Exploitation This is the part you’ve been waiting for right? We’ve downloaded a firmware, scoured through it for hours, found a vulnerability, emulated it, and now it’s time to write an exploit. Our goal is...
Source Code Analysis: A False Sense of Firmware Security The Truth About Source Code Analyzers Welcome to a World of False Positives Source code analysis produces a large amount of “false positive” results, which is one of the biggest complaints we...
D-Link: A Firmware Security Analysis – Part 3 The Firmware Exploitation Methodology In part two of our firmware analysis, we discovered a potential overflow in the administration server, alphapd. It appears if you send a long string in the WEPEncryption field to...
