Arun Mane

Security Researcher at TUV Rheinland

Arun is a Hardware, IOT and ICS Security Researcher. His areas of interest are Hardware Security, SCADA, Fault Injection, RF protocols and Firmware Reverse Engineering. He also has experience in performing Security Audits for both Government and private clients. He has presented a talk at the nullcon 2016,2017,2018 Goa, GNUnify 2017, Defcamp 2017, BsidesDelhi 2017, c0c0n x 2017, EFY 2018, X33fcon2018, BlackHat USA 2018, Defcon USA 2018 Also Trainer for Practical Industrial Control Systems (ICS) hacking training, delivered in X33fcon2018, HIP 2018 and also delivered training for IoT hacking in HITB 2017, HIP 2017, BlackHat Asia 2018 and private clients in London, Australia, Sweden, Netherlands etc. He is an active member of null – The open Security community and G4H community.

Backdooring DVR/NVR devices

Embedded devices, IoT, connected devices are growing very fast as their demand increases and innovation taking place in the industry. Due to huge demand in market, they lack in security prospect. There are many ways to attack such devices especially in DVR/NVR devices. 5 to 6 years back NSA ANT catalog leaked, they used to backdoor devices and they use to intercept/get data from the system. Due to ANT catalog leakage, Hardware implant attack were introduced in public. Although it’s an old technique to perform attack on embedded devices but its easy and proven attack and because of this some well-known researcher came with an idea called NSA playset which introduces the different kind of tools which researchers, security fellows can take advantage off and leverage their research/study/attack. In this talk, we are taking the reference of these ideas and implement a hardware backdoor by taking advantage of hardware hacking skills. Through this hardware backdoor, we can track devices, access root shell from anywhere and can stream fake videos/images on console like Hollywood style.

Presentation @DefCamp 2018