Unhinging Security on the Buffalo TeraStation NAS

Ian Sindermann

Ian Sindermann

Speaker Bio

Ian Sindermann is an associate security analyst at Independent Security Evaluators (ISE), where he conducts rigorous security assessments of various computer hardware and software products. With a primarily self-taught education and prior experience as a wannabe sysadmin, his background lies in web application security, IoT devices, and *NIX systems. Insatiable curiosity has led to a variety of other interests including hardware hacking, mainframes, legacy systems, and whatever tech obscurities he can get his hands on.

Presentation

Often times it only takes a small oversight to cause a vulnerability, even when it comes to severe vulnerabilities. The Buffalo TeraStation NAS demonstrates this idea beautifully in that it has a variety of features that do just a tad more than they should. Using these oversights as examples, I’ll provide an overview of the thought processes, mindset, and skills used to turn happy little oversights into happy little shells. There will be an abundance of facepalms and IoT war stories, and if that wasn’t enough, there’s a good chance these vulns will still be unpatched.