
New Video from @BlackHatOfficialYT Highlights Cloud Vulnerabilities in RI Network Devices
This content is an AI-generated summary. If you encounter any misinformation or problematic content, please report it to cyb.hub@proton.me.
In this video, the Clarity Team 82 research team presents a vulnerability study they conducted on the cloud infrastructure of RI, a network device manufacturer. The researchers, To and his colleague, explain how they managed to exploit cloud vulnerabilities to remotely attack devices.
One of the key points of the presentation is the importance of cloud connectivity in modern devices. RI devices, such as Wi-Fi access points, use the cloud to allow administrators to configure and monitor devices remotely. This feature, although convenient, can also be an entry point for attackers if they manage to exploit vulnerabilities in the cloud infrastructure.
The researchers began their analysis by downloading the device's firmware from the manufacturer's website. They discovered that the firmware was encrypted, which complicated their task. However, they found a solution by exploiting a local vulnerability that allowed them to execute commands on the device. This enabled them to decrypt the firmware and access the file system, where they found the component responsible for cloud communication.
The analysis of the cloud communication component revealed that RI uses the MQTT protocol for communication between devices and the cloud. MQTT is a popular messaging protocol for IoT devices, which allows devices to publish and subscribe to messages on specific topics. The researchers discovered that RI devices use their serial number as an identifier to authenticate with the MQTT broker. By reversing the serial number and applying a SHA-256 hash, they were able to generate the credentials needed to connect to the RI cloud.
By exploiting this vulnerability, the researchers were able to subscribe to all MQTT topics used by RI devices, allowing them to receive all alerts and commands sent by the cloud. They also discovered that the commands sent by the cloud to the devices were actually OS commands, meaning they could execute code remotely on any RI device.
The practical implications of these findings are vast. Attackers could potentially take control of thousands of RI devices worldwide, which could lead to DDoS attacks, data falsification, or even targeted attacks on specific networks. For example, by capturing the serial numbers of devices via Wi-Fi tags, an attacker could target a specific network, such as that of an airport or an office.
The researchers concluded their presentation by emphasizing the importance of IoT device security and device authentication. They also discussed responsible disclosure and how they reported the vulnerabilities to RI, which quickly implemented fixes.
To learn more, watch the full video at the following address: https://www.youtube.com/watch?v=ZhO4n5PAXfk
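The two weaknesses described above (a broker credential computed from the serial number, and a broker that lets one client subscribe to every device's topics) are contrasted here with a hardened form; this is an added example, not code from the video or from the vendor. The `devices/<serial>/...` topic layout, the `DeviceRegistry` class, the function names and the sample serial are assumptions made for illustration, and the real credential format is not given on the page.

```python
import hashlib
import hmac
import secrets

SERIAL = "EXAMPLE0001SN"  # constructed sample, not a real serial number


def serial_derived_secret(serial: str) -> str:
    """Weak pattern from the summary: SHA-256 of the reversed serial.
    It is a pure function of an identifier the device exposes."""
    return hashlib.sha256(serial[::-1].encode()).hexdigest()


class DeviceRegistry:
    """Hardened form (assumed design): a random secret per device,
    provisioned once; the cloud keeps only its hash."""

    def __init__(self) -> None:
        self._hashes: dict[str, bytes] = {}

    def provision(self, serial: str) -> str:
        secret = secrets.token_hex(32)
        self._hashes[serial] = hashlib.sha256(secret.encode()).digest()
        return secret

    def authenticate(self, serial: str, presented: str) -> bool:
        expected = self._hashes.get(serial)
        got = hashlib.sha256(presented.encode()).digest()
        return expected is not None and hmac.compare_digest(expected, got)


def may_subscribe(serial: str, topic_filter: str, root: str = "devices") -> bool:
    """Broker-side ACL: a device may only subscribe under <root>/<serial>/.
    Wildcards in the first two levels would reach other devices' topics."""
    levels = topic_filter.split("/")
    if len(levels) < 3 or levels[0] != root or levels[1] != serial:
        return False
    for i, level in enumerate(levels):
        if "#" in level and (level != "#" or i != len(levels) - 1):
            return False  # '#' must be a whole level and the last one
        if "+" in level and level != "+":
            return False  # '+' must occupy a whole level
    return True
```

With a provisioned random secret, knowing a serial number no longer yields a working credential, and the ACL keeps even a valid client inside its own topic subtree.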