Exploiting Embedded Devices

The goal of this paper is to introduce a persistent backdoor on an embedded device. The target device is a router which is running an embedded Linux OS. Routers are the main ingress and egress points to the outside world on a computer network, and as such are a prime location for sniffing traffic and performing man in the middle (MITM) attacks. If an attacker controls your router they control your network traffic. Generally routers have weaker security than a modern desktop computer. These 'always-on' devices often lack modern security mechanisms and are overlooked when it comes to computer security, yet these routers contain a large number of access vectors. This paper covers the process of detection, to exploitation and finally complete device modification.