Tuesday, August 23, 2016

Four Common Places Where Vulnerable MIPS Systems Are Hiding

Security vulnerabilities are lurking in common places as highly advanced computers flood into the devices all around us. These vulnerabilities can have a big impact on people, processes, and “things”. Not only do these devices receive less security attention than popular office software suites, but advanced hacking groups such as nation states are also focusing their efforts on circumventing the security of these embedded devices. A common problem with embedded devices is a lack of security measures, such as reliable firmware updates. This spells trouble as computers become cheaper and more capable and are used in more places to automate and support business initiatives.
In a recent news story, we saw that the Equation Group had some of their exploits leaked by another group. An analysis by Moyix shows that the Equation Group focused on exploiting software not only on common computer architectures like Intel x86 and x86-64, but also on ARM and MIPS.

Many security professionals focus on x86 and x86-64 system exploitation but pay less attention to the ARM and MIPS architectures. Based on anecdotal evidence, when analysis is done on an embedded device's CPU architecture, ARM is usually the focus of research efforts. As we can see above, even advanced groups such as the Equation Group focus on learning and exploiting both ARM and MIPS systems.
Embedded devices with a MIPS chip are common and can be found in many places. Here are four common scenarios where MIPS is used and where vulnerabilities can be hiding:
  1. Home Network Routers

    Typically, home network routers that connect wired and wireless devices to the internet are powered by a MIPS chip. With these potentially vulnerable devices, there is a good chance that, unless the router is set to automatically download and install firmware, the stock firmware is still in place once the router is installed. While some vendors may release updated firmware, the devices may not make the update process intuitive or present it as a critical step that needs to be taken. On top of that, hardware vendors are constantly refreshing their product lines and may stop providing security updates for devices that are as little as one year old. Consumers are left with options such as installing custom firmware from places like OpenWRT to remediate software vulnerabilities or buying new hardware.

  2. ICS/SCADA

    As consumer electronics become cheaper and more widely used, similar devices are also going into ICS/SCADA facilities to help automate their workloads. Where manual operations and on-site OT personnel were once needed, these operations are being replaced with far more cost-effective embedded devices. These embedded devices can relay, and sometimes perform, the same actions as the OT technicians they replace. As a result of this new need from ICS/SCADA industries, a flood of devices has entered each market. Unfortunately, these devices are not always held to the same scrutiny as the devices available from major vendors such as Rockwell Automation, Siemens, and more. The devices could be running a MIPS processor, an ARM processor, or even an AVR processor. The ICS/SCADA industry spreads across many verticals such as amusement parks, water reclamation facilities, and energy distribution, so the need for secure and safe devices is critical.
  3. IoT / Mobile Devices

    Mobile devices that use MIPS, ARM, and other processors are common and highly accessible across the world. Devices such as Android phones and tablets are highly customizable and can run on low-end hardware, which enables more device acquisition across the world. As these devices thrive and proliferate, the goal of device availability is treated as more important than ensuring they are secure. However, these devices give security analysts plenty of opportunity to research and report vulnerabilities, with a low cost to start research in the embedded field. Low-cost Android tablets available on Amazon include tablets (while not specifically MIPS) from Alldaymall and Dragon Touch (both roughly $40 each), which could potentially hold vulnerabilities with a low cost barrier of entry.
  4. Automotive

    A more intelligent car has more features to appeal to potential buyers. As more features are implemented in vehicles, more computers and/or more processing power are necessary to enable these features. Processors like MIPS, ARM, and others power these features in vehicles to provide a better experience to drivers. Automobile manufacturers like Tesla use MIPS processors to power various features such as the Automated Driver Assistance Systems (ADAS) and detection of objects on the road. While the manufacturing processes have been focused and refined for decades, the introduction of advanced computers and custom software has not had the same amount of time to mature and develop. The barrier to entry for investigation into this segment of the embedded market makes research more difficult than research into a home router. However, this does not mean that the security in vehicles is impenetrable. As we have seen with recent research into automobile security, we still have more work to do as a community to help us stay secure.

Making sense of a new computer architecture such as MIPS and then understanding security issues can be daunting. Learn MIPS and software security at:

