Nilesh Kumar

Controllers are an essential part of ICS (Industrial Control Systems) network. Generally they are interface to many field devices such as sensors and placed within closed network. Exposing them outside world may be disastrous and they can be configured/ mis- configured to carry put attacks which can have dangerous impact on human being's life and safety. So, it's necessary to do a security assessment of ICS networks to uncover potential vulnerabilties. In brief, to test a controller we need to: Understand the entire architecture- the platform, technologies, protocol it understands. Do a quick threat modeling here. Review Network architecture, see how the controller is placed, ideally it should not be reachable from internet. Firmware testing: Most of the controllers have embedded systems on them. Do a firmware testing here- De compiling, modifying, patching, looking for hard coded sensitive credentials. How the firmware is uploaded/ downloaded- how secure is the mechan...

Encryption: It prevents reverse engineering of the firmware. The firmware might be stored in encrypted form and only decrypted when it is to be executed, or it might be decrypted during the firmware update process. • Signing: is concerned with ensuring that a message has not been corrupted or modified while in transit. This is important since a malicious user cannot be allowed to alter the firmware originally delivered by the firmware producer. • No hardcoded credentials: The presence of hard-coded accounts that can serve as backdoors to devices. • Code obfuscation: it makes runtime analysis difficult. • Authentication: Make it difficult for unauthorized users to obtain the firmware updates. Make it restrictive, less exposed. • If the device is capable of being networked, no unnecessary services are running and ensure that it can also alert and log when firmware has been updated.

The article will explore various strategies for reversing firmware, with some examples. Finally, some best practices are mentioned. LINK here: http://resources.infosecinstitute.com/reversing-firmware-part-1/ 

The best approach would be hashing the passwords, instead of encrypting them as key management becomes an issue. Benefits of passwords in form of salted hash: ·          Real passwords are never stored/ displayed/ logged in the system ·          Salts makes dictionary attack very impractical as it’s very difficult to generate    re-computed hash table as salts are random ·          It’s easier to implement as no need of key management A general approach would be like this (when storing): ·          Generate a long random salt using cryptographically strong functions such as SecureRandom in Java, when user is first time registering himself ·          Use the above salt and hash it with the user’s chosen password using standard and ...

My article on Ajax issues: http://resources.infosecinstitute.com/ajax-security-issues/

Came across nice write up: http://resources.infosecinstitute.com/android-master-key-vulnerability-poc/

ZigBee (802.15.4) is a relatively new protocol compared to Wi-Fi (802.11), but with low power consumption and long battery life it is ideal for Home Network Systems such as thermostats etc. The reason behind ZigBee devices being low power consuming because it work on very low frequency and have a fewer commands to send compared to Wi-Fi. Since it's relatively new protocol and not much popular, there are fewer tools/ frameworks to test it. However some good software/ hardware are available. They can be purchased/ downloaded from respective sites. Atmel RZ Raven USB Stick (hardware) Atmel JTAGICE mkII On-Chip Programmer (hardware) Atmel 100-mm to 50-mm JTAG standoff adapter (hardware) 50-mm male-to-male header (hardware) AVR Studio for Windows (software, free) KillerBee Firmware for the RZUSBSTICK (software, free) A Windows host for programming the RZ Raven USB Stick (one-time operation) Issues to be looked into ZigBee: Similar to 802.11 ZigBee may also suffer from same...