DeepSec Video: Remote Browser-Based Fingerprinting of Local Network Devices

René Pfeiffer/ March 2, 2016/ Conference, Internet, Security

Reconnaissance is first, then comes the attack. This is why fingerprinting devices is the first step. Manfred Kaiser (Josef Ressel Zentrum) explained at DeepSec 2015 how this can be done by the local web browser(s) in the locally connected network segment. Manfred discusses remote device fingerprinting techniques for SOHO routers and other network-connected devices offering a browser-based configuration interface. While consumer network devices provided to customers by their ISPs are typically based on very few different hardware platforms, they are equipped with highly customized firmwares and thus contain different vulnerabilities. The knowledge of a specific device’s vulnerabilities is vital to the success of a remote attack. In a live demo Manfred shows how a remote attacker can exploit the feature-richness of modern web technologies (HTML5, WebRTC, JavaScript, CSS) to perform device discovery and fine-grained device fingerprinting in a local network over a web browser in preparation of a targeted attack.

.

Network defence starts inside the network, not at the perimeter. Make sure your clients cannot be exploited by players outside your network – not even while operating „normally“.