Abstract
Physical access to a device can greatly help in vulnerability research as it opens up new vectors for exploitation. This is especially true for embedded devices, which often come with open serial ports and various types of debugging features. Therefore, security assessments of these devices should take into consideration the hardware components and their means of communication. In this paper, we explore a testing methodology that transforms a black box test into a white box test by using physical access to retrieve the code of the applications running on the device. To demonstrate its advantages, we apply this methodology to assess the security risks on a commercial router. We use it to uncover multiple code execution vulnerabilities in the router’s firmware. We discuss secure coding guidelines to remediate those vulnerabilities and the importance of IoT security.