The ability to update firmware is a feature that is found in nearly all modern embedded systems. We demonstrate how this feature can be exploited to allow attackers to inject malicious firmware modifications into vulnerable embedded devices. We discuss techniques for exploiting such vulnerable functionality and the implementation of a proof of concept printer malware capable of network reconnaissance, data exfiltration and propagation to general purpose computers and other embedded device types. We present a case study of the HP-RFU (Remote Firmware Update) LaserJet printer firmware modification vulnerability, which allows arbitrary injection of malware into the printer’s firmware via standard printed documents. We show vulnerable populatio...
Cyber-Physical system devices nowadays constitute a mixture of Information Technology (IT) and Opera...
With the increasing popularity of embedded systems, security and privacy concerns poses a huge threa...
Recent attacks on industrial control systems (ICSs), like the highly publicized Stuxnet malware, hav...
Network printers are ubiquitous fixtures within the modern IT infrastructure. Residing within sensit...
In the past, it was not possible to update the underlying software in many industrial control device...
We present a body of work aimed at understanding and improving the security posture of embedded devi...
Many embedded systems are complex, and it is often required that the firmware in these systems are u...
Firmware refers to device read-only resident code which includes microcode and macro-instruction-lev...
A paper co-authored by William Glisson and published in the Proceedings of the 50th Hawaii Internati...
Many recent advances in the scale, cost, and connectivity of hardware have brought about the era of ...
Embedded devices are ubiquitous; they are present in various sectors of everyday life: smart homes, ...
International audienceA fault attack is a well-known technique where the behaviour of a chip is volu...
Fault attacks are traditionally considered under a threat model that assumes the device under test i...
Embedded systems, as opposed to traditional computers, bring an incredible diversity. The number of...
Internet of Things (IoT) is becoming more integrated in our daily life with the increasing number of...
Cyber-Physical system devices nowadays constitute a mixture of Information Technology (IT) and Opera...
With the increasing popularity of embedded systems, security and privacy concerns poses a huge threa...
Recent attacks on industrial control systems (ICSs), like the highly publicized Stuxnet malware, hav...
Network printers are ubiquitous fixtures within the modern IT infrastructure. Residing within sensit...
In the past, it was not possible to update the underlying software in many industrial control device...
We present a body of work aimed at understanding and improving the security posture of embedded devi...
Many embedded systems are complex, and it is often required that the firmware in these systems are u...
Firmware refers to device read-only resident code which includes microcode and macro-instruction-lev...
A paper co-authored by William Glisson and published in the Proceedings of the 50th Hawaii Internati...
Many recent advances in the scale, cost, and connectivity of hardware have brought about the era of ...
Embedded devices are ubiquitous; they are present in various sectors of everyday life: smart homes, ...
International audienceA fault attack is a well-known technique where the behaviour of a chip is volu...
Fault attacks are traditionally considered under a threat model that assumes the device under test i...
Embedded systems, as opposed to traditional computers, bring an incredible diversity. The number of...
Internet of Things (IoT) is becoming more integrated in our daily life with the increasing number of...
Cyber-Physical system devices nowadays constitute a mixture of Information Technology (IT) and Opera...
With the increasing popularity of embedded systems, security and privacy concerns poses a huge threa...
Recent attacks on industrial control systems (ICSs), like the highly publicized Stuxnet malware, hav...