The Insecure IoT Cloud Strikes Again: RCE on all Ruijie Cloud-Connected Devices скачать в хорошем качестве

The Insecure IoT Cloud Strikes Again: RCE on all Ruijie Cloud-Connected Devices

Ever wondered how an "Open Sesame" cyber attack would look like? Today we will show you! We have discovered an interesting attack chain on Ruijie access points - just by sniffing their WIFI beacons, we were able to exploit devices remotely, execute code on them and infiltrate into their internal network. In our talk, we will showcase our research, extracting Ruijie's firmware and researching its cloud-communication binaries. In it, we discovered a few vulnerabilities, including one that allowed us to generate MQTT passwords for all Ruijie devices. We then could impersonate Ruijie cloud services, and gain the ability to invoke an "execute-command-as-a-service" feature, giving us full control over tens of thousands of devices. In this talk, we will present our research techniques, as well as common IoT cloud pitfalls, giving attackers the ability to exploit entire fleets of devices. By: Noam Moshe | Vulnerability Researcher @ Claroty Team82, Claroty Tomer Goldschmidt | Vulnerability Researcher @ Claroty Team82, Claroty Full Abstract and Presentation Materials: https://www.blackhat.com/eu-24/briefi...