Over the past couple of weeks, I’ve been spending a lot of time hacking on various embedded devices to figure out how they work and perhaps identify a couple of vulnerabilities in the process. One of the fun parts of this experimentation has been exploring how to get terminal access to these devices, seeing what type of software they are running, and interacting directly with the underlying operating system. Once you have access to the operating system via the terminal, most of the same techniques for vulnerability assessment still apply.
I recently read an article on the /DEV/TTYS0 blog about reversing serial ports and found the process described there to be very practical for getting terminal access to a variety of different devices. Today I’ll be sharing my recent experience of getting terminal access to the Cisco Linksys E-1000 platform, one of the more popular home routers in use today, and the process I followed to get there. I won’t be talking about any vulnerabilities in this platform, but I’m hoping that in the not too distant future, I or one of my team members will be able to share some of our findings on devices in this space once the necessary vendors have been notified and have patched accordingly.