Exploiting UART for Root Shell Access A Practical Guide to Embedded Security Testing Shravan Singh 2024 November BreachForce Community| Cyber Security Cohort

Currently Working 2024 November ❑Senior Penetration Test Engineer - LTTS Past Experience ❑ Security Engineer –Redfox Security ❑ Postgraduate Researcher –COE CNDS, VJTI ❑ Process Executive –Nvidia ❑ R&D Engineer –Robokart Shravan Singh BE- ACE, Malad M.Tech – VJTI, Matunga BreachForce Community| Cyber Security Cohort

2024 November Agenda ❑ What is UART – Basics and importance in embedded security ❑ Tools in Use – Hardware essentials for the session ❑ Analyzing PCB – Chips, debugging ports, and vulnerabilities ❑ Pinout Identification – Finding and mapping UART pins. ❑ Connection Setup – Linking UART to hardware tools. ❑ Root Shell Access – Gaining root access to the device ❑ What’s Next – Start your lab, test smart devices, and explore findings like TP-Link and Philips Shravan Singh BreachForce Community| Cyber Security Cohort

2024 November What Is UART Exploitation? Universal Asynchronous Receiver-Transmitter UART enables serial communication by converting data between parallel and serial forms. It is used for debugging, device communication and accessing firmware in embedded systems. In hardware hacking, UART helps uncover device internals via exposed debug ports or test points. Shravan Singh BreachForce Community| Cyber Security Cohort

2024 November Other Protocols in Embedded Systems Shravan Singh BreachForce Community| Cyber Security Cohort

2024 November Target Device ❑ Consumer-grade router demonstrating UART exploitation. ❑ Testing applicable to healthcare devices (e.g., patient monitors). ❑ Extendable to automotive systems (e.g., ECUs, infotainment units). ❑ Relevant for smart home devices (e.g., locks, cameras). Shravan Singh BreachForce Community| Cyber Security Cohort

2024 November Tools in Use for the Session Shravan Singh BreachForce Community| Cyber Security Cohort

2024 November PCB Analysing ❑ What do we notice on the front and back of this PCB? ❑ Can we identify the key chipsets like memory or wireless modules? ❑ Do you see any unlabeled pinouts that might hint at UART or JTAG? ❑ What reversing clues can debugging ports or test points reveal? Shravan Singh BreachForce Community| Cyber Security Cohort

2024 November PCB Analysing Shravan Singh BreachForce Community| Cyber Security Cohort

2024 November Identification of Pinout ? Shravan Singh BreachForce Community| Cyber Security Cohort

2024 November Identification of Pinout (GND) ❑ Step –1 Continuity Test Shravan Singh BreachForce Community| Cyber Security Cohort

2024 November Identification of Pinout (GND) Shravan Singh BreachForce Community| Cyber Security Cohort https://youtu.be/eCxGUmFt8Q0

2024 November Identification of Pinout (VCC) ❑ Step –2 Voltage Test Shravan Singh BreachForce Community| Cyber Security Cohort

2024 November Identification of Pinout (RX & TX) ❑ Step –3 Jtagulator Test Shravan Singh BreachForce Community| Cyber Security Cohort

2024 November Identification of Pinout (RX & TX) Shravan Singh https://youtu.be/KgEZOePaWuk BreachForce Community| Cyber Security Cohort

2024 November Identification of Pinout (RX & TX) ❑ Step –3 Jtagulator Test Shravan Singh BreachForce Community| Cyber Security Cohort

2024 November Identification of Pinout (RX & TX) Shravan Singh BreachForce Community| Cyber Security Cohort

2024 November Connection Setup Shravan Singh BreachForce Community| Cyber Security Cohort

https://youtu.be/44Sk9i3Pj6w?si=Qu-Fs_wjI4FPKXhS 2024 November Boot Process of Router Shravan Singh https://youtu.be/44Sk9i3Pj6w BreachForce Community| Cyber Security Cohort

2024 November Root Shell Access Shravan Singh BreachForce Community| Cyber Security Cohort

2024 November What’s Next ❑ Start exploring your nearby smart devices—routers, smart bulbs, security cameras, or smart plugs. ❑ Many of these devices are easily available online for testing and learning. ❑ Refer to detailed blogs and online resources to deepen your understanding of hardware hacking. ❑ Use today’s insights to set up your own hardware testing lab and uncover vulnerabilities in everyday IoT devices. Shravan Singh BreachForce Community| Cyber Security Cohort

2024 November Latest Findings: Philips Lighting Devices Vulnerabilities ❑ Philips Lighting IoT devices are reported to have a critical vulnerability that allows attackers to obtain sensitive information from the target. This highlights the importance of securing everyday smart devices against exploitation. Shravan Singh BreachForce Community| Cyber Security Cohort

2024 November IoT Devices: A New Security Challenge ❑ CERT-In Alert: A newly discovered IoT vulnerability may allow unauthorized access, putting device security at risk. With IoT adoption skyrocketing, addressing such gaps is crucial. Shravan Singh Breach Force | Cyber Security Cohort

2024 November IoT Devices: Hall of Fame as Recognition ❑ Philips lightning: Hall of Fame Shravan Singh BreachForce Community| Cyber Security Cohort

2024 November IoT Devices: A Bounty for Recognition Shravan Singh BreachForce Community| Cyber Security Cohort

2024 November IoT Devices: A Bounty for Recognition Shravan Singh BreachForce Community| Cyber Security Cohort

2024 November Q & A Shravan Singh BreachForce Community| Cyber Security Cohort

THANK YOU FOR ATTENTION Exploitation UART for Root Shell Access | A Practical Guide to Embedded Security Testing See You Next Time 2024 November Shravan Singh BreachForce Community| Cyber Security Cohort