
Carve Systems researchers reveal simple attacks to root IoT devices

LAS VEGAS, Aug. 4, 2016 /PRNewswire/ -- New York City information security consultancy Carve Systems will present a simple hardware hacking technique to root IoT devices this week at the DEF CON security conference. In lab testing, Carve senior consultant Brad Dixon found that roughly half of the tested devices were vulnerable to the "pin2pwn" technique, which gives an attacker instant root access. How simple is it? All that is required is a sewing needle.

"Obtaining root access is step one in any device assessment that we perform," said Dixon, adding that "pin2pwn is a shortcut that speeds up our ability to get root and move on to the important parts of an assessment: finding remotely exploitable bugs."

The details of this attack will be released at DEF CON 24 in the talk "pin2pwn: How to Root an Embedded Linux Box with a Sewing Needle". After the conference, a full write-up and presentation slides will be available at carvesystems.com.

On the fact that the "pin2pwn" technique works so often, Carve CEO Mike Zusman said, "Our results underscore the reality that IoT developers often don't pay attention to edge-case scenarios that impact device security. When we test Internet-of-Things devices for clients, pin2pwn is an easy way to get root access. Root access makes it easier to find dangerous vulnerabilities that give attackers remote access to other devices, applications, and network services in the device ecosystem."

Along with details on the attack, the company will describe simple techniques that hardware developers can implement to prevent "pin2pwn."

About Carve Systems LLC

Founded in 2011, Carve Systems is a boutique information security consulting company headquartered in New York City. Carve provides penetration testing and risk assessment services for the largest financial and telecommunications companies in the world, prominent e-commerce providers and start-ups, and high-risk NGOs.

Carve's core capabilities include hardware and software penetration testing, network penetration testing, and technology risk assessment. Carve's mission is to provide a tailored, world-class option for firms that value white-glove service and security thought leadership.

Contact: Michael Zusman, mike.zusman@carvesystems.com, 201-632-3422

SOURCE Carve Systems LLC