Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Oleg Kupreev - Telecommunication Hardware Vulne...

Avatar for DC7499 DC7499
July 03, 2015
Research
0
56

Oleg Kupreev - Telecommunication Hardware Vulnerabilities

DEFCON Moscow 9

Avatar for DC7499

DC7499

July 03, 2015
Tweet

More Decks by DC7499

See All by DC7499
Sergey Sobko - Hackashop: Hackathon + Pentest + Workshop [RU]
Avatar for DC7499 defcon
0
570
Dmitry Sklyarov - Intel ME: Security keys Genealogy, Obfuscation and other Magic
Avatar for DC7499 defcon
0
290
Anton Lopanitsyn - Initial reconnaissance of web applications.
Avatar for DC7499 defcon
0
310
Dmitry Volkov - Private messengers: without pain??
Avatar for DC7499 defcon
1
240
Andrey Skuratov and Sergey Migalin - DNS tunneling in 2018. What is that, and what to do with it?
Avatar for DC7499 defcon
2
220
Sergey Belov - Another side of Bug Bounty programs
Avatar for DC7499 defcon
0
320
Dmitry Sklyarov - Intel ME: Flash file system explained
Avatar for DC7499 defcon
0
560
Maxim Goryachiy & Mark Ermolov - Inside Intel Management Engine
Avatar for DC7499 defcon
0
650
Sergey Golovanov - Indecent Response 2018
Avatar for DC7499 defcon
0
570

Other Decks in Research

See All in Research
An Open and Reproducible Deep Research Agent for Long-Form Question Answering
Avatar for Ikuya Yamada ikuyamada
0
350
【NICOGRAPH2025】Photographic Conviviality: ボディペイント・ワークショップによる 同時的かつ共生的な写真体験
Avatar for Chinatsu Ozawa toremolo72
0
200
The mathematics of transformers
Avatar for Gabriel Peyré gpeyre
0
140
svc-hook: hooking system calls on ARM64 by binary rewriting
Avatar for Akira Moroo retrage
2
180
視覚から身体性を持つAIへ: 巧緻な動作の3次元理解
Avatar for Take Ohkawa tkhkaeio
1
220
製造業主導型経済からサービス経済化における中間層形成メカニズムのパラダイムシフト
Avatar for Masatake Yamoto yamotty
0
520
一般道の交通量減少と速度低下についての全国分析と熊本市におけるケーススタディ(20251122 土木計画学研究発表会)
Avatar for Traffic Brain trafficbrain
0
180
2026年3月1日(日)福島「除染土」の公共利用をかんがえる
Avatar for Masano Atsuko atsukomasano2026
0
470
Self-Hosted WebAssembly Runtime for Runtime-Neutral Checkpoint/Restore in Edge–Cloud Continuum
Avatar for Yuki Nakata chikuwait chikuwait
0
410
Tiaccoon: Unified Access Control with Multiple Transports in Container Networks
Avatar for Hiroya Onoe hiroyaonoe
0
1.2k
世界モデルにおける分布外データ対応の方法論
Avatar for Hidehisa Arai koukyo1994
7
2k
「車1割削減、渋滞半減、公共交通2倍」を 熊本から岡山へ@RACDA設立30周年記念都市交通フォーラム2026
Avatar for Traffic Brain trafficbrain
1
800

Featured

See All Featured
The untapped power of vector embeddings
Avatar for Frank van Dijk frankvandijk
2
1.6k
Paper Plane (Part 1)
Avatar for Katie Cordina Lindsey katiecoart
PRO
0
5.8k
Applied NLP in the Age of Generative AI
Avatar for Ines Montani inesmontani
PRO
4
2.2k
SEOcharity - Dark patterns in SEO and UX: How to avoid them and build a more ethical web
Avatar for Sara Fernández Carmona sarafernandez
0
150
Music & Morning Musume
Avatar for Bryan Veloso bryan
47
7.1k
ReactJS: Keep Simple. Everything can be a component!
Avatar for Pedro Nauck pedronauck
666
130k
The #1 spot is gone: here's how to win anyway
Avatar for Tamara Novitovic tamaranovitovic
2
990
We Are The Robots
Avatar for Honza Javorek honzajavorek
0
200
Building Applications with DynamoDB
Avatar for Matt Wood mza
96
7k
DBのスキルで生き残る技術 - AI時代におけるテーブル設計の勘所
Avatar for soudai sone soudai
PRO
64
52k
The Impact of AI in SEO - AI Overviews June 2024 Edition
Avatar for Aleyda Solis aleyda
5
770
Building a Modern Day 
E-commerce SEO Strategy
Avatar for Aleyda Solis aleyda
45
9k

Transcript

  1. None

  2. Telecommunication Hardware Vulnerabilities

  3. WHOAMI • HACKER REASEARCHER @ DSEC.RU • @090h, [email protected]

    ADMIN @ ISP IN THE PAST • HACKING TELECOMMUNICATIONS SINCE 2001 • HACKING HARDWARE SINCE 2012 • DREAM TO LEARN, LEARN TO DREAM

  4. TELECOM HARDWARE • MODEM • ROUTER • SWiTCH • ATS

    • HYBRiD

  5. VULNERABiLiTiES • DEFAULT CREDENTiALS (admin:admin, admin:1234, cisco:cisco) • PLAiNTEXT PASSWORDS

    (/var/passwd) • BACKDOORS/ISP ACCOUNTS • AUTH BYPASS • USER iNPUT MiSVALiDATiON (COMMAND/SQL/HTML/XML injection) • iNFORMATiON DiSCLOSURE • CSRF • XXE • BOF (stack, heap, of-by-one) • WPS*

  6. VENDORS & VULNS @ EXPLOiT DB • Cisco 144 •

    D-link 81 • Linksys 49 • Netgear 36 • TP-Link 18 • Zyxel 15 • Huawei 13

  7. MODEMZ

  8. 3G/4G modems. Made in China by Huawei.

  9. Zero CD

  10. Zero CD-RW

  11. EViL C0NF

  12. OUC.EXE = OUCH LPE

  13. 3G/4G MODEM -> CYBERWEAPON

  14. CR0SSPLATF0RM 3G/4G M0D3M R00TKiT

  15. ROUTERZ

  16. SDLC BUBEN DANCiNG

  17. None

  18. BACKUP=FCUKUP

  19. GET HTTP REQUEST

  20. 20 AUTH BYPASS + CSRF = CONFiG UPLOAD 8) •

    Firewall/AV bypass • Botnet via Habrahabr <IMG SRC =“PWN”…

  21. 21 habrahabr.ru CSRF Evil FTP server Config CSRF

  22. • Network configuration • PPPOE account • SIP account CONFiGURATiON

  23. OLD DAYS…

  24. 24 2-12-85-06 2-12-85-06 2-12-85-06 2-12-85-06 2-12-85-06 2-12-85-06 XXI century

  25. AUTH BYPASS + CSRF + COMMAND INJECTION = w00t w00t

    rem0t3 reb00t… Back to 90’s….. Do you remember +++ATH.jpg trick? WARNINNG!!! WARNINNG!!! WARNINNG!!!

  26. Huawei HG8245 Jtagulator Huawei 8245 hacking

  27. PLACE 4 FUTURE ViRUSES

  28. PASSWORDS….

  29. How to rob the train in XXI century? Easy!

  30. WARNINNG!!! WARNINNG!!! WARNINNG!!! • WITH GREAT POWER COMES GREAT RESPONSIBILITY

    • ВАС ПРИСТРЕЛЯТ ПО УТРУ – НЕ РАБОТАЙТЕ ПО РУ • 272, 273, 274

  31. STAGE 0x00 • Search for train with WiFi • Buy

    train ticket • Don’t miss the train

  32. STAGE 0x01 admin

  33. STAGE 0x02

  34. STAGE 0x03

  35. STAGE 0x04

  36. SIP hacking? • Port 5060 + SHODAN • Auth needed?

    • Web interface?

  37. CALL TO UID 0

  38. but check! Trust,

  39. Any questions? INFO: @090h [email protected] Links https://github.com/0x90/routerz https://github.com/0x90/modemz