Hacking Embedded Linux Based Home Appliances
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
AMNESIA 33: How TCP/IP Stacks Breed Critical Vulnerabilities in Iot
AMNESIA:33 | RESEARCH REPORT How TCP/IP Stacks Breed Critical Vulnerabilities in IoT, OT and IT Devices Published by Forescout Research Labs Written by Daniel dos Santos, Stanislav Dashevskyi, Jos Wetzels and Amine Amri RESEARCH REPORT | AMNESIA:33 Contents 1. Executive summary 4 2. About Project Memoria 5 3. AMNESIA:33 – a security analysis of open source TCP/IP stacks 7 3.1. Why focus on open source TCP/IP stacks? 7 3.2. Which open source stacks, exactly? 7 3.3. 33 new findings 9 4. A comparison with similar studies 14 4.1. Which components are typically flawed? 16 4.2. What are the most common vulnerability types? 17 4.3. Common anti-patterns 22 4.4. What about exploitability? 29 4.5. What is the actual danger? 32 5. Estimating the reach of AMNESIA:33 34 5.1. Where you can see AMNESIA:33 – the modern supply chain 34 5.2. The challenge – identifying and patching affected devices 36 5.3. Facing the challenge – estimating numbers 37 5.3.1. How many vendors 39 5.3.2. What device types 39 5.3.3. How many device units 40 6. An attack scenario 41 6.1. Other possible attack scenarios 44 7. Effective IoT risk mitigation 45 8. Conclusion 46 FORESCOUT RESEARCH LABS RESEARCH REPORT | AMNESIA:33 A note on vulnerability disclosure We would like to thank the CERT Coordination Center, the ICS-CERT, the German Federal Office for Information Security (BSI) and the JPCERT Coordination Center for their help in coordinating the disclosure of the AMNESIA:33 vulnerabilities. -
Analysis of Firmware Security in Embedded ARM Environments
Analysis of Firmware Security in Embedded ARM Environments Dane A. Brown Dissertation submitted to the Faculty of the Virginia Polytechnic Institute and State University in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Engineering T. Charles Clancy, Chair Ryan Gerdes Yaling Yang Jonathan Black Patrick Schaumont August 13, 2019 Arlington, Virginia Keywords: Security, Firmware, Embedded Devices, ARM Copyright 2019, Dane A. Brown Analysis of Firmware Security in Embedded ARM Environments Dane A. Brown (ABSTRACT) Modern enterprise-grade systems with virtually unlimited resources have many options when it comes to implementing state of the art intrusion prevention and detection solutions. These solutions are costly in terms of energy, execution time, circuit board area, and capital. Sus- tainable Internet of Things devices and power-constrained embedded systems are thus forced to make suboptimal security trade-offs. One such trade-off is the design of architectures which prevent execution of injected shell code, yet have allowed Return Oriented Program- ming (ROP) to emerge as a more reliable way to execute malicious code following attacks. ROP is a method used to take over the execution of a program by causing the return address of a function to be modified through an exploit vector, then returning to small segments of otherwise innocuous code located in executable memory one after the other to carry out the attacker’s aims. We show that the Tiva TM4C123GH6PM microcontroller, which utilizes an ARM Cortex-M4F processor, can be fully controlled with this technique. Firmware code is pre-loaded into a ROM on Tiva microcontrollers which can be subverted to erase and rewrite the flash memory where the program resides. -
Open-Source-Licenses.Pdf
Open Source Licenses Olivier Dony @odony Agenda o Brief history: GPL and Copyleft o AGPL vs LGPL o Licenses of Odoo 9 o Combining licenses Brief history: GPL Before 1980, most programs were distributed with source code by default (for portability, bugfixing, auditing, etc.) Most software came from an academic background Then the situation changed. GPL = Copyleft Copyleft relies on universal Copyright laws to enforce freedom for a piece of work The Free Software Foundation defines four freedoms: use, modify, distribute, and distribute modifications To guarantee these freedoms to every user, GPL forbids any restriction coming from other licenses Brief history: GPL 1983: Richard Stallman creates GNU 1989: GPLv1 is born (bin + source, no restrictions) 1991: GPLv2, LGPLv2 (“liberty or death”, C-lib) 1999: LGPLv2.1 (library -> lesser) 2007: GPLv3, LGPLv3, AGPLv3 (DRM, tivoization, wording, patents) Brief history: Odoo 2005: TinyERP 1.0-4.0 – GPLv2 or later 2009: OpenERP 5.0 – GPLv3 or later + OEPL (web) 2011: OpenERP 6.0 – AGPLv3 + OEPL (web) 2012: OpenERP 6.1 – AGPLv3 2012: OpenERP0 0 0 7.02 – AGPLv3 5 0 2014: Odoo 8.0 – AGPLv3 0 2 2015:0 Odoo1 0 2 9.0 – CE: LGPLv3 + OE AGPL GPL is a strong copyleft license, but it suffers from the ASP loophole (Cloud) => 4 freedoms are only enforced if distributed AGPL was created to fix this, by adding the Section 13 provision: Copyleft applies as soon as users are interacting remotely with the program LGPL GPL is a strong copyleft license, but lacks a linking exception => Unsuitable for libraries, such as the C lib LGPL was created to fix this, by adding a linking exception on top of GPL “Using/Linking” in any program is OK if the LGPL part can be modified/replaced. -
Coreboot - the Free firmware
coreboot - the free firmware Linux Club of Peking University April 9th, 2016 . Linux Club of Peking University coreboot - the free firmware April 9th, 2016 1 / 30 1 History 2 Why use coreboot 3 How coreboot works 4 Building and using coreboot 5 Flashing 6 Utilities and Debugging 7 Contribute to coreboot 8 Proprietary Components 9 References . Linux Club of Peking University coreboot - the free firmware April 9th, 2016 2 / 30 History: from LinuxBIOS to coreboot coreboot has a very long history, stretching back more than 15 years to when it was known as LinuxBIOS. While the project has gone through lots of changes over the years, many of the earliest developers still contribute today. Linux Club of Peking University coreboot - the free firmware April 9th, 2016 3 / 30 LinuxBIOS v1: 1999-2000 The coreboot project originally started as LinuxBIOS in 1999 at Los Alamos National Labs (LANL) by Ron Minnich. Ron needed to boot a cluster made up of many x86 mainboards without the hassles that are part of the PC BIOS. The goal was to do minimal hardware initilization in order to boot Linux as fast as possible. Linux already had the drivers and support to initialize the majority of devices. Ron and a number of other key contributors from LANL, Linux NetworkX, and other open source firmware projects successfully booted Linux from flash. From there they were able to discover other nodes in the cluster, load a full kernel and user space, and start the clustering software. Linux Club of Peking University coreboot - the free firmware April 9th, 2016 4 / 30 LinuxBIOS v2: 2000-2005 After the initial success of v1, the design was expanded to support more CPU architectures (x86, Alpha, PPC) and to support developers with increasingly diverse needs. -
License Expectations 1 Contents
License Expectations 1 Contents 2 Licensing constraints 2 3 GPL-3 and derivatives ........................... 2 4 Original 4 clause BSD license ....................... 3 5 Apertis Licensing expectations 3 6 General rules of the Apertis project and their specific constraints ... 3 7 Apertis Repository component specific rules ............... 3 8 target ................................. 4 9 hmi .................................. 4 10 sdk ................................... 5 11 development .............................. 5 12 Auditing the license of a project 5 13 Documenting exceptions 6 14 Appendix 6 15 The Debian Free Software Guidelines (DFSG) .............. 6 16 Apertis aims to accomplish the following goals with it’s licensing: 17 • Ensure that all the software shipped in Apertis is open source or at least 18 freely distributable, so that downstreams are entitled to use, modify and 19 redistribute work derived from our deliverables. 20 • Ensure that Apertis images targeting devices (such as HMI and fixedfunc- 21 tion), are not subject to licensing constraints that may conflict with the 22 regulatory requirements of some intended use cases. 23 In order to reach these goals, the below assumptions are made: 24 • Licenses declared by open source projects are correct: The soft- 25 ware authors correctly document the licensing of their released software 26 sources and that they have all the rights to distribute it under the docu- 27 mented terms. 28 • Licenses verified by the Debian project are correct: The package 29 distributors (that is, Debian maintainers and the FTP Masters team) 30 check that the licensing terms provided by the software authors are 31 open source using the definitions in the Debian Free Software Guide- 1 32 lines and ensure those terms are documented in a canonical location 33 (debian/copyright in the package sources). -
Linux Kernel. LTS? LTSI?
ARM Reference Kernel of Tizen 3 MyungJoo Ham, Ph.D. MyungJoo Ham Tizen “System Domain” & System SW Lab “Base Domain” Architect SW Platform Team SWC Samsung Electronics ARM Reference Kernel of Tizen 3 1. What is it? 2. Idea & Principle 3. Design & Updates 4. Discussion What is “Tizen Reference Kernel” • Kernel (& BSP) for Tizen Reference Devices BSP Validated & Tested for the Reference Devices Image from seoz.com 3 What is “Tizen Reference Kernel” • Kernel (& BSP) for Tizen Reference Devices BSP Validated & Tested for the Reference Devices Yet Another BSP? Image from seoz.com 4 Need for “Tizen Reference Kernel” • Distribute reference devices • Tizen-common kernel features & interface • Basis for next-gen Tizen development 1 KDBUS, User PM-QoS, PASS, DMABUF Sync FW, … 2 CMA, DRM-Exynos, Devfreq, Extcon, Charger-manager, LAB/Turboboost … • Support Tizen Vendors! • Well-known and well-written example. • Code basis for vendors. 5 Previous Tizen ARM Reference Kernel (~2.2.1) • Linux 3.0.15 • Obsolete LTS. (Current: 3.4 & 3.10) • Support RD-PQ (Tizen 2) & RD-210 (Tizen 1 & 2) • RD-PQ: Exynos4412 • RD-210: Exynos4210 (Linux 2.6.36 for Tizen 1) • Not Good as Reference • Too many backported features. • Too OLD! No LTS/LTSI support • Many kernel hacks & dirty patches • git history removed. 1. Forked from production kernel. 2. Hard to read 6 Status of Tizen 3 Reference Kernels • Two Reference Kernels: ARM / Intel • ARM (armv7, aarch64) • Linux 3.10.y • 3.10.33 @ 2014/05 • Full git history. • armv6 support (Raspberry Pi) coming soon. (Thanks to Univ. of Warsaw) • Test & validation phase (integration test with userspace) • Intel (x86, x86_64) • Linux 3.14.1 • Recent ATOM SoC support merged @ 3.14 • Test & validation phase (integration test with userspace) 7 ARM Reference Kernel of Tizen 3 1. -
Introductory Lecture & FLOSS
Introductory Lecture & FLOSS Lecture 1 TU Wien, 193.067 Free and Open Technologies (WS 2019/2020) Christoph Derndorfer and Lukas F. Lang This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. Introduction Organization ● Lectures: ○ Weekly lecture to cover course materials (until Christmas) ○ Lectures take place on Tuesdays, 17:00–19:00, Argentinierstraße 8, Seminarraum/Bibliothek 194-05 ○ Attendance is mandatory ● Group project: ○ In groups of 4 students ○ 3 meetings with lecturers during the semester (week 44/2019, week 48/2019, week 2/2020) ○ Final presentations at the end of January (week 4/2020) ● Final paper: ○ In groups of 2 students ○ Final presentations at the end of January (week 5/2020) ○ Deadline: Sunday, February 9, 2020, 23:59 CET (no exceptions!) Organization ● Grading: ○ 50% group project ○ 35% seminar paper ○ 15% participation during lectures ○ All course components need to be passed in order to pass the overall course! ● Course materials: ○ Will be provided at https://free-and-open-technologies.github.io ● For further questions: ○ Email [email protected] and [email protected] Lecture outline 1. FLOSS (Free/Libre and Open Source Software) 2. Open Hardware 3. Open Data 4. Open Content/Open Educational Resources 5. Open Science/Research 6. Open Access 7. Open Spaces/Open Practices: Metalab Vienna 8. Guest Lecture: Stefanie Wuschitz (Mz* Baltazar’s Lab) Group project ● Goal: ○ Extend, contribute to, or create a new open project within scope of lecture topics ● Choose topic from a list (see course website) or (even better) suggest your own: ○ Groups of 4 students ○ Send a 1-page proposal until Friday, October 25, via email to both lecturers ■ Define the idea, goal, (potential) impact, requirements, and estimated effort ■ State deliverables (should be broken down into three milestones to discuss in meetings) ● Requirements: ○ Open and accessible (Git repository, openly licensed) → others can access/use/study/extend ○ Use time sheet to track and compare estimated vs. -
Open Source Claire Le Goues
Foundations of Software Engineering Lecture 24: Open Source Claire Le Goues 1 Learning goals • Understand the terminology “free software” and explain open source culture and principles. • Express an educated opinion on the philosophical/political debate between open source and proprietary principles. • Reason about the tradeoffs of the open source model on issues like quality and risk, both in general and in a proprietary context. 2 Motivation to understand open source. • Companies work on open source projects. • Companies use open source projects. • Companies are based around open source projects. • Principles percolate throughout industry. • Political/philosophical debate, and being informed is healthy. 3 Quick and easy definitions • Proprietary software – software which doesn’t meet the requirements of free software or open source software • Free software – software with a strong emphasis on user rights • Open source software – software where the source code is shared with the community • Does Free Software = Open Source? 4 “Free as in free speech.” 5 6 Stallman vs. Gates 7 Free Software vs Open Source • Free software origins (70-80s ~Stallman) – Political goal – Software part of free speech • free exchange, free modification • proprietary software is unethical • security, trust – GNU project, Linux, GPL license • Open source (1998 ~ O'Reilly) – Rebranding without political legacy – Emphasis on internet and large dev./user involvement – Openness toward proprietary software/coexist – (Think: Netscape becoming Mozilla) 8 The Cathedral and the Bazaar 9 The Cathedral and the Bazaar • Cathedral (closed source) – Top-down design with focus on planning • Bazaar (open source) – Organic bottom-up movement – Code always public over internet – Linux/Fetchmail stories 10 Eric Raymond. -
The General Public License Version 3.0: Making Or Breaking the FOSS Movement Clark D
Michigan Telecommunications and Technology Law Review Volume 14 | Issue 2 2008 The General Public License Version 3.0: Making or Breaking the FOSS Movement Clark D. Asay Follow this and additional works at: http://repository.law.umich.edu/mttlr Part of the Computer Law Commons, and the Science and Technology Law Commons Recommended Citation Clark D. Asay, The General Public License Version 3.0: Making or Breaking the FOSS Movement, 14 Mich. Telecomm. & Tech. L. Rev. 265 (2008). Available at: http://repository.law.umich.edu/mttlr/vol14/iss2/1 This Article is brought to you for free and open access by the Journals at University of Michigan Law School Scholarship Repository. It has been accepted for inclusion in Michigan Telecommunications and Technology Law Review by an authorized editor of University of Michigan Law School Scholarship Repository. For more information, please contact [email protected]. THE GENERAL PUBLIC LICENSE VERSION 3.0: MAKING OR BREAKING THE FOSS MOVEMENT? Clark D. Asay* Cite as: Clark D. Asay, The GeneralPublic License Version 3.0: Making or Breaking the Foss Movement? 14 MICH. TELECOMM. TECH. L. REV. 265 (2008), available at http://www.mttlr.org/volfourteen/asay.pdf I. INTRODUCTION ......................................................................... 266 II. FREE SOFTWARE V. OPEN SOURCE ........................................... 268 A. The FSF's Vision of Free Software..................................... 268 B. The OSI's Vision: A Different Movement? ......................... 270 C. PracticalDifferences? ....................................................... 271 III. G PLv3: ITS T ERM S................................................................... 274 A. GPLv3 's Anti-DRM Section ............................................... 274 1. Its C ontents ................................................................. 274 2. FSF's Position on DRM .............................................. 276 3. The Other Side of the Coin? OSI Sympathizers ........ -
Embedded Operating Systems
7 Embedded Operating Systems Claudio Scordino1, Errico Guidieri1, Bruno Morelli1, Andrea Marongiu2,3, Giuseppe Tagliavini3 and Paolo Gai1 1Evidence SRL, Italy 2Swiss Federal Institute of Technology in Zurich (ETHZ), Switzerland 3University of Bologna, Italy In this chapter, we will provide a description of existing open-source operating systems (OSs) which have been analyzed with the objective of providing a porting for the reference architecture described in Chapter 2. Among the various possibilities, the ERIKA Enterprise RTOS (Real-Time Operating System) and Linux with preemption patches have been selected. A description of the porting effort on the reference architecture has also been provided. 7.1 Introduction In the past, OSs for high-performance computing (HPC) were based on custom-tailored solutions to fully exploit all performance opportunities of supercomputers. Nowadays, instead, HPC systems are being moved away from in-house OSs to more generic OS solutions like Linux. Such a trend can be observed in the TOP500 list [1] that includes the 500 most powerful supercomputers in the world, in which Linux dominates the competition. In fact, in around 20 years, Linux has been capable of conquering all the TOP500 list from scratch (for the first time in November 2017). Each manufacturer, however, still implements specific changes to the Linux OS to better exploit specific computer hardware features. This is especially true in the case of computing nodes in which lightweight kernels are used to speed up the computation. 173 174 Embedded Operating Systems Figure 7.1 Number of Linux-based supercomputers in the TOP500 list. Linux is a full-featured OS, originally designed to be used in server or desktop environments. -
GNU / Linux and Free Software
GNU / Linux and Free Software GNU / Linux and Free Software An introduction Michael Opdenacker Free Electrons http://free-electrons.com Created with OpenOffice.org 2.x GNU / Linux and Free Software © Copyright 2004-2007, Free Electrons Creative Commons Attribution-ShareAlike 2.5 license http://free-electrons.com Sep 15, 2009 1 Rights to copy Attribution ± ShareAlike 2.5 © Copyright 2004-2007 You are free Free Electrons to copy, distribute, display, and perform the work [email protected] to make derivative works to make commercial use of the work Document sources, updates and translations: Under the following conditions http://free-electrons.com/articles/freesw Attribution. You must give the original author credit. Corrections, suggestions, contributions and Share Alike. If you alter, transform, or build upon this work, you may distribute the resulting work only under a license translations are welcome! identical to this one. For any reuse or distribution, you must make clear to others the license terms of this work. Any of these conditions can be waived if you get permission from the copyright holder. Your fair use and other rights are in no way affected by the above. License text: http://creativecommons.org/licenses/by-sa/2.5/legalcode GNU / Linux and Free Software © Copyright 2004-2007, Free Electrons Creative Commons Attribution-ShareAlike 2.5 license http://free-electrons.com Sep 15, 2009 2 Contents Unix and its history Free Software licenses and legal issues Free operating systems Successful project highlights Free Software -
Free As in Freedom (2.0): Richard Stallman and the Free Software Revolution
Free as in Freedom (2.0): Richard Stallman and the Free Software Revolution Sam Williams Second edition revisions by Richard M. Stallman i This is Free as in Freedom 2.0: Richard Stallman and the Free Soft- ware Revolution, a revision of Free as in Freedom: Richard Stallman's Crusade for Free Software. Copyright c 2002, 2010 Sam Williams Copyright c 2010 Richard M. Stallman Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled \GNU Free Documentation License." Published by the Free Software Foundation 51 Franklin St., Fifth Floor Boston, MA 02110-1335 USA ISBN: 9780983159216 The cover photograph of Richard Stallman is by Peter Hinely. The PDP-10 photograph in Chapter 7 is by Rodney Brooks. The photo- graph of St. IGNUcius in Chapter 8 is by Stian Eikeland. Contents Foreword by Richard M. Stallmanv Preface by Sam Williams vii 1 For Want of a Printer1 2 2001: A Hacker's Odyssey 13 3 A Portrait of the Hacker as a Young Man 25 4 Impeach God 37 5 Puddle of Freedom 59 6 The Emacs Commune 77 7 A Stark Moral Choice 89 8 St. Ignucius 109 9 The GNU General Public License 123 10 GNU/Linux 145 iii iv CONTENTS 11 Open Source 159 12 A Brief Journey through Hacker Hell 175 13 Continuing the Fight 181 Epilogue from Sam Williams: Crushing Loneliness 193 Appendix A { Hack, Hackers, and Hacking 209 Appendix B { GNU Free Documentation License 217 Foreword by Richard M.