
DAVE Developer's Wiki β

Changes

Embedded systems security and IoT

1,620 bytes added, 10:12, 29 June 2016
no edit summary
==Introduction==
Some weeks ago, the DAVE Embedded Systems technical support service was contacted by a customer reporting a problem on an old ARM7-based product running Linux kernel 2.4. Even though the machine configuration had not been changed, the machine suddenly became very slow when performing ordinary tasks.
A specific support ticket was created and a failure analysis was conducted to determine the root cause of this apparently unexplainable behavior. It was found that a virus, in the form of an ELF executable, had been uploaded by an attacker [1]. Two instances of this executable were running on the machine when it was analyzed. These processes overloaded the processor, causing the overall slowdown of the machine reported by the customer. This virus is likely used to perform further attacks such as [https://en.wikipedia.org/wiki/Denial-of-service_attack DDoS].
 
The machine was initially installed in a proprietary LAN with no access to the Internet. Later it was configured with a public static IP address and moved to a public network connected to the Internet. However, it was not verified that the original configuration was suited to such a use. From the security perspective, there were clear vulnerabilities, such as the use of the <code>telnet</code> service combined with a weak <code>root</code> password. Thus it was trivial for the attacker to get access to the machine with <code>root</code> privileges.
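
The following is an added example, not part of the original analysis and not DAVE's own code: one way to list the TCP services a device exposes before it is moved from an isolated LAN to a public network, using only <code>sh</code> and <code>awk</code>. The function names and the sample data are constructed for illustration, and the check covers IPv4 sockets on a little-endian host only.

```shell
#!/bin/sh
# Added example: network-exposure check to run before moving a device from an
# isolated LAN to a public network. Uses only sh and awk (IPv4 sockets only).

# Print the decimal port of every TCP socket in LISTEN state (st == 0A) that
# is bound to a non-loopback address. Input: /proc/net/tcp format on stdin.
# Assumes a little-endian host, where 127.0.0.1 is shown as 0100007F.
exposed_tcp_ports() {
    awk '
    function hex2dec(h,    i, n) {
        n = 0
        for (i = 1; i <= length(h); i++)
            n = n * 16 + index("0123456789ABCDEF", toupper(substr(h, i, 1))) - 1
        return n
    }
    NR > 1 && $4 == "0A" {
        split($2, addr, ":")
        if (addr[1] != "0100007F") print hex2dec(addr[2])
    }' | sort -n -u
}

# Report findings for a /proc/net/tcp dump on stdin.
# Returns 1 if telnet is reachable from the network, 0 otherwise.
audit_exposure() {
    status=0
    for port in $(exposed_tcp_ports); do
        if [ "$port" -eq 23 ]; then
            echo "FAIL: telnet (tcp/23) accepts connections from the network"
            status=1
        else
            echo "REVIEW: tcp/$port accepts connections from the network"
        fi
    done
    return "$status"
}

# Constructed sample in /proc/net/tcp format: telnet and HTTP on all
# interfaces, one service on loopback only, one established connection.
SAMPLE_TCP='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 101
   1: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 102
   2: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 103
   3: 0A00A8C0:0017 0200A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 104'

# On a device: audit_exposure < /proc/net/tcp
printf '%s\n' "$SAMPLE_TCP" | audit_exposure || echo "not ready for a public network"
```

Every port reported as REVIEW should be matched against a service the device is actually meant to offer on the public network.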
 
 
This document
 
In the last eighteen months IoT
 
 
[1] See https://www.virustotal.com/en/file/1917f27f64fe8770e43a8087ad4529593dfb3cc4d9317ababb91e3bfea60a179/analysis/.
Security is a process, not a feature <ref name="PRQA1">PRQA, ''Addressing security vulnerabilities in embedded applications using best practice software development processes and standards'', 2016</ref>
 
holistic approach
 
static code analysis