Masande Mtintsilana is an Information Security Consultant at MWR InfoSecurity, where he is part of the mobile security practice. He enjoys taking deep dives into application security and has published advisories for vulnerabilities discovered in LG flagship devices. He completed his undergrad in Electrical and Computer Engineering at the University of Cape Town. In his free-time Masande enjoys participating in capture-the-flag (CTF) competitions and reverse engineering applications.@_masande
Talk: Junk Hacking to Skill Up – Learning Through Reversing Engineering Embedded Devices.
A growing opinion in the InfoSec community is that junk hacking, finding vulnerabilities in arbitrary computer-like devices, is often done only for fame and fortune and does no good but spread fear, uncertainty and doubt. This is probably true to some extent, but there is a part to it that is often overlooked. What I’m referring to here is the useful tricks and techniques gained through exploring and exploiting these junk devices, which is often more interesting than the bugs themselves.
So in the spirit of learning by junk hacking, I will discuss my journey hacking a “Personal Cloud Storage and Media Streamer”, along with all the trials and tribulations encountered. This includes discovering multiple ways to pop a root shell on the target device by exploiting network services, physical ports and a companion mobile application.
This talk aims to inspire random acts of hacking , by showing you how to get started with bug hunting. This includes setting up your own environment and knowing how to debug your way out of sticky situations. And since embedded device security is still lost in the 90s, we’ll learn some tell-tale signs that might indicate promising bugs, all with minimal effort.