Hacking the Supply Chain - The Ripple20 Vulnerabilities Haunt Tens of Millions of Critical Devices
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a Black Hat conference talk detailing the discovery and exploitation of Ripple20, a series of critical vulnerabilities affecting millions of IoT devices across various sectors. Delve into the intricacies of supply chain security, DNS protocols, and exploitation techniques used to compromise devices from major vendors. Learn about the far-reaching impact of these vulnerabilities on industrial controllers, power grids, medical equipment, and more. Gain insights into the technical aspects of the research, including DNS parsing logic, integer overflow, memory leaks, and heap shaping. Understand the implications of these security flaws for the IoT ecosystem and the importance of addressing supply chain vulnerabilities in critical infrastructure.
Syllabus
Intro
Supply chain
Why Treck TCP/IP?
Ripple20 Research
About CVE-2020-11901
DNS Primer: The Basics
DNS Primer: Record Types
Domain Names Encoding
DNS Message Compression
DNS Parsing Logic Type MX
DNS Label Length Calculation
Vulnerability #1: Read Out-Of-Bounds
Integer Overflow
Fixing the Read Out-Of-Bounds
Bad RDLENGTH
Artifact: Memory Leak
CVE-2020-11901: Summary
Target Device
Vulnerability Recap
Exploitation Technique
Overflow Target
CNAME Processing
Controlled Pointer Write
Linear Overflow
Heap Shaping
Pointer Write Limitations
Overwriting a Far Call
Payload Trigger
Taught by
Black Hat
Related Courses
Pointers in C / C++ [Full Course] - freeCodeCamp
Debugging and Fixing Common JavaScript Errors - Frontend Masters
Multithreading - Moscow Institute of Physics and Technology via Coursera
Java Memory Management - LinkedIn Learning
Java Memory Management: Garbage Collection, JVM Tuning, and Spotting Memory Leaks - LinkedIn Learning