Publication detail
Security of remote management of embedded systems running MikroTik RouterOS operating system using proprietary protocols
JÍLEK, T. ŽALUD, L.
Original Title
Security of remote management of embedded systems running MikroTik RouterOS operating system using proprietary protocols
Czech Title
Bezpečnost vzdálené správy embedded systémů běžících na operačním systému MikroTik RouterOS při využitím proprietálních protokolů
English Title
Security of remote management of embedded systems running MikroTik RouterOS operating system using proprietary protocols
Type
conference paper
Language
en
Original Abstract
This paper deals with proprietary communication protocols that are implemented in the MikroTik RouterOS operating system. These communication protocols are specially designed for remote management of embedded systems that run with this operating system. These protocols are closed and thus they have not a publicly accessible documentation. In this paper the principles of their functions that are identified on the basis of realized communication analyses are described. Security risks that are associated with the use of these communication protocols are also analyzed in the paper. Attack that uses conceptual bug in the design one of these communication protocols is demonstrated on a real example. Full and unlimited access to embedded system that runs with this operating system can be obtained with this attack.
Czech abstract
Článek se zabývá proprietárními komunikačními protokoly implementovanými v operačním systému MikroTik RouterOS, které jsou speciálně vytvořeny pro vzdálenou správu embedded systémů, na nichž běží tento operační systém. Vzhledem k tomu, že protokoly jsou uzavřené a nemají tedy veřejně přístupnou dokumentaci, jsou v článku také popsány principy jejich funkce, které jsou zjištěny na základě provedených analýz komunikace. V článku jsou dále analyzována bezpečnostní rizika, která sebou přináší použití těchto proprietárních komunikačních protokolů. Na reálné situaci je ukázán útok, který využívá koncepční chybu v návrhu jednoho z těchto protokolů. Výsledkem tohoto útoku může být získání neomezeného přístupu k embedded systému na němž běží tento operační systém.
English abstract
This paper deals with proprietary communication protocols that are implemented in the MikroTik RouterOS operating system. These communication protocols are specially designed for remote management of embedded systems that run with this operating system. These protocols are closed and thus they have not a publicly accessible documentation. In this paper the principles of their functions that are identified on the basis of realized communication analyses are described. Security risks that are associated with the use of these communication protocols are also analyzed in the paper. Attack that uses conceptual bug in the design one of these communication protocols is demonstrated on a real example. Full and unlimited access to embedded system that runs with this operating system can be obtained with this attack.
Keywords
security analysis, communication protocols, communication networks, remote management, operating systems, embedded systems
RIV year
2012
Released
23.05.2012
Publisher
IFAC-PapersOnLine / Elsevier
Location
10344 Virginia Lee Dr. Centerville, OH 45458, USA
ISBN
978-3-902823-21-2
Book
Proceedings of 11th IFAC/IEEE International Conference on Programmable Devices and Embedded Systems
Edition
2012
Pages from
138
Pages to
142
Pages count
5
BibTex
@inproceedings{BUT92956,
author="Tomáš {Jílek} and Luděk {Žalud}",
title="Security of remote management of embedded systems running MikroTik RouterOS operating system using proprietary protocols",
annote="This paper deals with proprietary communication protocols that are implemented in the MikroTik RouterOS operating system. These communication protocols are specially designed for remote management of embedded systems that run with this operating system. These protocols are closed and thus they have not a publicly accessible documentation. In this paper the principles of their functions that are identified on the basis of realized communication analyses are described. Security risks that are associated with the use of these communication protocols are also analyzed in the paper. Attack that uses conceptual bug in the design one of these communication protocols is demonstrated on a real example. Full and unlimited access to embedded system that runs with this operating system can be obtained with this attack.",
address="IFAC-PapersOnLine / Elsevier",
booktitle="Proceedings of 11th IFAC/IEEE International Conference on Programmable Devices and Embedded Systems",
chapter="92956",
edition="2012",
howpublished="online",
institution="IFAC-PapersOnLine / Elsevier",
year="2012",
month="may",
pages="138--142",
publisher="IFAC-PapersOnLine / Elsevier",
type="conference paper"
}