Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Oleg Kupreev - Telecommunication Hardware Vulne...

Avatar for DC7499 DC7499
July 03, 2015
Research
0
54

Oleg Kupreev - Telecommunication Hardware Vulnerabilities

DEFCON Moscow 9

Avatar for DC7499

DC7499

July 03, 2015
Tweet

More Decks by DC7499

See All by DC7499
Sergey Sobko - Hackashop: Hackathon + Pentest + Workshop [RU]
Avatar for DC7499 defcon
0
540
Dmitry Sklyarov - Intel ME: Security keys Genealogy, Obfuscation and other Magic
Avatar for DC7499 defcon
0
270
Anton Lopanitsyn - Initial reconnaissance of web applications.
Avatar for DC7499 defcon
0
300
Dmitry Volkov - Private messengers: without pain??
Avatar for DC7499 defcon
1
240
Andrey Skuratov and Sergey Migalin - DNS tunneling in 2018. What is that, and what to do with it?
Avatar for DC7499 defcon
2
210
Sergey Belov - Another side of Bug Bounty programs
Avatar for DC7499 defcon
0
300
Dmitry Sklyarov - Intel ME: Flash file system explained
Avatar for DC7499 defcon
0
530
Maxim Goryachiy & Mark Ermolov - Inside Intel Management Engine
Avatar for DC7499 defcon
0
610
Sergey Golovanov - Indecent Response 2018
Avatar for DC7499 defcon
0
530

Other Decks in Research

See All in Research
snlp2025_prevent_llm_spikes
Avatar for Sho Takase takase
0
380
AIグラフィックデザインの進化:断片から統合(One Piece)へ / From Fragment to One Piece: A Survey on AI-Driven Graphic Design
Avatar for Shunsuke KITADA shunk031
0
510
MetaEarth: A Generative Foundation Model for Global-Scale Remote Sensing Image Generation
Avatar for SatAI.challenge satai
4
330
ウェブ・ソーシャルメディア論文読み会 第31回: The rising entropy of English in the attention economy. (Commun Psychology, 2024)
Avatar for taichi_murayama hkefka385
1
110
HoliTracer:Holistic Vectorization of Geographic Objects from Large-Size Remote Sensing Imagery
Avatar for SatAI.challenge satai
3
120
論文紹介:Not All Tokens Are What You Need for Pretraining
Avatar for Kosuke Nishida kosuken
0
200
Google Agent Development Kit (ADK) 入門 🚀
Avatar for MIKIO KUBO mickey_kubo
2
2.1k
Pythonでジオを使い倒そう! 〜それとFOSS4G Hiroshima 2026のご紹介を少し〜
Avatar for wata909 wata909
0
980
単施設でできる臨床研究の考え方
Avatar for Shuntaro Sato shuntaros
0
3k
SNLP2025:Can Language Models Reason about Individualistic Human Values and Preferences?
Avatar for Yuki Zenimoto yukizenimoto
0
190
EOGS: Gaussian Splatting for Efficient Satellite Image Photogrammetry
Avatar for SatAI.challenge satai
4
670
地域丸ごとデイサービス「Go トレ」の紹介
Avatar for SMARTふくしラボ smartfukushilab1
0
160

Featured

See All Featured
Intergalactic Javascript Robots from Outer Space
Avatar for Vicent Martí tanoku
273
27k
Being A Developer After 40
Avatar for Adrian Kosmaczewski akosma
91
590k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
Avatar for Stéphanie Walter stephaniewalter
285
14k
Making Projects Easy
Avatar for Brett Harned brettharned
120
6.4k
Stop Working from a Prison Cell
Avatar for Chris Michel hatefulcrawdad
271
21k
Distributed Sagas: A Protocol for Coordinating Microservices
Avatar for Caitie McCaffrey caitiem20
333
22k
Fantastic passwords and where to find them - at NoRuKo
Avatar for Phil Nash philnash
52
3.4k
Context Engineering - Making Every Token Count
Avatar for Addy Osmani addyosmani
7
260
XXLCSS - How to scale CSS and keep your sanity
Avatar for Zaharenia Atzitzikaki sugarenia
248
1.3M
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
Avatar for Joe Casabona jcasabona
33
2.5k
Art, The Web, and Tiny UX
Avatar for Lynn Fisher lynnandtonic
303
21k
The MySQL Ecosystem @ GitHub 2015
Avatar for Sam Lambert samlambert
251
13k

Transcript

  1. None

  2. Telecommunication Hardware Vulnerabilities

  3. WHOAMI • HACKER REASEARCHER @ DSEC.RU • @090h, [email protected]

    ADMIN @ ISP IN THE PAST • HACKING TELECOMMUNICATIONS SINCE 2001 • HACKING HARDWARE SINCE 2012 • DREAM TO LEARN, LEARN TO DREAM

  4. TELECOM HARDWARE • MODEM • ROUTER • SWiTCH • ATS

    • HYBRiD

  5. VULNERABiLiTiES • DEFAULT CREDENTiALS (admin:admin, admin:1234, cisco:cisco) • PLAiNTEXT PASSWORDS

    (/var/passwd) • BACKDOORS/ISP ACCOUNTS • AUTH BYPASS • USER iNPUT MiSVALiDATiON (COMMAND/SQL/HTML/XML injection) • iNFORMATiON DiSCLOSURE • CSRF • XXE • BOF (stack, heap, of-by-one) • WPS*

  6. VENDORS & VULNS @ EXPLOiT DB • Cisco 144 •

    D-link 81 • Linksys 49 • Netgear 36 • TP-Link 18 • Zyxel 15 • Huawei 13

  7. MODEMZ

  8. 3G/4G modems. Made in China by Huawei.

  9. Zero CD

  10. Zero CD-RW

  11. EViL C0NF

  12. OUC.EXE = OUCH LPE

  13. 3G/4G MODEM -> CYBERWEAPON

  14. CR0SSPLATF0RM 3G/4G M0D3M R00TKiT

  15. ROUTERZ

  16. SDLC BUBEN DANCiNG

  17. None

  18. BACKUP=FCUKUP

  19. GET HTTP REQUEST

  20. 20 AUTH BYPASS + CSRF = CONFiG UPLOAD 8) •

    Firewall/AV bypass • Botnet via Habrahabr <IMG SRC =“PWN”…

  21. 21 habrahabr.ru CSRF Evil FTP server Config CSRF

  22. • Network configuration • PPPOE account • SIP account CONFiGURATiON

  23. OLD DAYS…

  24. 24 2-12-85-06 2-12-85-06 2-12-85-06 2-12-85-06 2-12-85-06 2-12-85-06 XXI century

  25. AUTH BYPASS + CSRF + COMMAND INJECTION = w00t w00t

    rem0t3 reb00t… Back to 90’s….. Do you remember +++ATH.jpg trick? WARNINNG!!! WARNINNG!!! WARNINNG!!!

  26. Huawei HG8245 Jtagulator Huawei 8245 hacking

  27. PLACE 4 FUTURE ViRUSES

  28. PASSWORDS….

  29. How to rob the train in XXI century? Easy!

  30. WARNINNG!!! WARNINNG!!! WARNINNG!!! • WITH GREAT POWER COMES GREAT RESPONSIBILITY

    • ВАС ПРИСТРЕЛЯТ ПО УТРУ – НЕ РАБОТАЙТЕ ПО РУ • 272, 273, 274

  31. STAGE 0x00 • Search for train with WiFi • Buy

    train ticket • Don’t miss the train

  32. STAGE 0x01 admin

  33. STAGE 0x02

  34. STAGE 0x03

  35. STAGE 0x04

  36. SIP hacking? • Port 5060 + SHODAN • Auth needed?

    • Web interface?

  37. CALL TO UID 0

  38. but check! Trust,

  39. Any questions? INFO: @090h [email protected] Links https://github.com/0x90/routerz https://github.com/0x90/modemz