CanSecWest: Barnaby Jack Uncovers Embedded Device Security Issues

Barnaby Jack, a Juniper Networks security researcher, gave a tutorial at the CanSecWest conference here on how bug hunters can find exploitable vulnerabilities in such devices and demonstrated an attack on a D-Link router using a yet-to-be-patched hole.

"Security flaws are abundant on these devices," Jack said. "Security needs to reach further than a home PC. Insecure devices pose a threat to the entire network. Hardware vendors must take security into consideration."

There hasn't yet been a large amount of security research into the type of software Jack looks at. This is code that runs gadgets equipped with ARM, MIPS, XScale and PowerPC microprocessors. However, researchers appear increasingly interested in finding ways to attack routers and other such "embedded" devices.