Adrian Pastor

Imię: Adrian

Nazwisko: Pastor

Informacje o prelegencie: I’ve been part of the security community for about four years. Currently, I work as a tiger team member, security researcher and trainer at GNUCITIZEN (www.gnucitizen.org).

GNUCITIZEN is a Cutting-edge, Ethical Hacker Outfit, Information Think Tank, which primarily deals with all aspects of the art of hacking. GNUCITIZEN’s work has been featured in established magazines and information portals, such as Wired, Eweek, The Register, PC Week, IDG, BBC and many others. The members of the GNUCITIZEN group are well known and respected experts in the Information Security and Negative Public Relations (PR) Industries, with widely recognized experience in the government and corporate sectors and the open source community.

I own a BSc (Hons) in Computer-aided Engineering.

Some of my research, including some of my recent embedded devices hacking projects have been featured by the media and security community:

Regarding BT Home Hub and FON network research:

  • Pauldotcom - ep. 86 (”If You Own a BT Home Hub, You’re gonna get Pwned” section)
  • Episode86
  • Pauldotcom - ep. 85 (”Pwning the Axis Camera” section)
  • Episode85″

Regarding Cisco Linksys WAG54GS router:

Temat wystąpienia: Cracking into embedded devices and beyond!

Abstrakt: The presentation covers cracking into embedded devices by exploiting vulnerabilities present on default software running on the target device.

Most of the vulnerabilities discussed are web bugs that can be exploited remotely. The reason for focusing on such type of flaws, is because I’ve personally had several successful experiences discovering important/critical vulnerabilities.

Additionally, the presentation is focused on vulnerabilities that can be exploited remotely.

Some of my personal discoveries will be covered, including vulnerabilities found on Axis IP cameras, Belkin “belkin54g” family of routers, BT Home Hub wireless routers (Thomson/Alcatel Speedtouch 7G), BT Voyager 2091, 3COM APXXXX Dual Radio 11a/b/g Access Point, and Linksys Wireless-G ADSL Gateway (WAG54GS).

Some interesting vulnerabilities found on embedded devices by other peers will also be explained.

Not only *real attacks* will be explored, but also the *consequences* of cracking into embedded devices. How nasty can it get after an embedded device has been exploited? How far does the rabbit hole go?

In the case of routers, scenarios include eavesdropping the victim(s)’ Internet connection, controlling the traffic flow, stealing services such as TV streaming and VoIP. In the case of miscellaneous devices such as IP cameras scenarios include replacing the surveillance video stream, and one of my favorites: using the device as a stepping stone to penetrate into the corporate network after the device as been compromised from an attack originated from the Internet.

Classic attacks against embedded devices will also be discussed, although this will be a minor portion of the presentation.

Finally, possibilities of exploiting FON, a community-shared Wi-Fi network will be discussed.