In the last 36 hours, news of a “cyber attack” against Deutsche Telekom DSL routers has been making headlines in German media. Customers have been asked to restart their devices to receive firmware updates, but little information on the actual cause has been made available, which has led to rumours and speculation. The dominant theory proposed thus far was that a strain of the Mirai botnet family was responsible for the outage.
Last month we gave a presentation at REcon about Samsung baseband security. The slides are available here. In the talk, we discuss steps for understanding the proprietary firmware format, reverse engineering the RTOS, figuring out the security architecture, analyzing the attack surface to find vulnerabilities, and, finally, writing an exploit to achieve remote code execution. During our journey, we found that several tricks that often prove useful when reverse engineering embedded devices were nicely applicable to our use case.
Comsecuris UG (haftungsbeschränkt)
EU VAT ID / USt-Id-Nr: DE291357352
Registered office: Bismarckstrasse 120, 47057 Duisburg, Germany
Commercial register: Amtsgericht Duisburg, HRB 27056
Director: Dr. Ralf-Philipp Weinmann