11/19/2015

Talk at DeepSec 2015

On November 20th, Manfred Kaiser will give a talk at DeepSec in Vienna:

Title: Remote Browser-Based Fingerprinting of Local Network Devices
Abstract: In this talk we discuss remote device fingerprinting techniques for SOHO routers and other network-connected devices offering a browser-based configuration interface. While consumer network devices provided to customers by their ISPs are typically based on very few different hardware platforms, they are equipped with highly customized firmwares and thus contain different vulnerabilities. The knowledge of a specific device’s vulnerabilities is vital to the success of a remote attack. In a live demo we show how a remote attacker can exploit the feature-richness of modern web technologies (HTML5, WebRTC, JavaScript, CSS) to perform device discovery and fine-grained device fingerprinting in a local network over a web browser in preparation of a targeted attack.