Overview
Explore the critical security vulnerabilities in network-attached storage (NAS) devices from major manufacturers like Seagate, D-Link, and Netgear in this 52-minute Black Hat conference talk. Delve into the extensive analysis conducted by Independent Security Evaluators (ISE) that uncovered dozens of previously undisclosed vulnerabilities. Learn how these security flaws not only expose stored data but also provide attackers with a vantage point for further network infrastructure exploitation. Examine various attack vectors, including command injection, directory traversal, authentication bypass, memory corruption, and backdoors, that can lead to administrative access. Discover how unauthenticated attackers can compromise and control storage systems with and without user interaction. Gain insights into the widespread use of NAS devices in homes, schools, government agencies, and businesses worldwide, and understand the implications of their security shortcomings. Witness live demonstrations of vulnerability exploitation to achieve root shell access, highlighting the urgent need for improved security measures in network storage and hardware devices.
Syllabus
Network Attached Shell: N.A.S.ty Systems that Store Network Accessible Shells
Taught by
Black Hat