I recently found myself requiring to downgrade the firmware on the lab's in-house IP camera. Attempts at trying to do so using the 'Upgrade Device Firmware' utility from the UI (pictured below) failed. (Might sound counterintuitive, but it was also the obvious thing to try). Some Internet searches later, it appeared that a downgrade might be possible using a serial connection. It was time to get se-real. In this post I detail how I went about doing this. 1. Solder connections to IP Camera Serial Pins In order to set up the serial connection,... [Read More]
by RSS Ruchna Nigam  |  Nov 19, 2014  |  Filed in: Security Research
While the Shellshock story is taking the media by storm, and as the reports of exploitation in the wild start to emerge, some questions about the worse-than-heartbleed infamous bug remain unanswered. "Will there be a Slammer-like worm owning half of the Internet within a few hours?", "Besides Apache, DHCP and SSH, are there other ways to remotely set environment variables?", "Has the NSA known about it for 20 years?", "Are iOS and Android vulnerable?"... While here at FortiGuard Labs, we have our own opinion on all of these questions, the one we... [Read More]
by RSS Guillaume Lovet  |  Sep 26, 2014  |  Filed in: Security Research
We are pretty busy these days with malicious samples on Android. You probably haven't missed DroidDream (Android/DrdDream.A!tr) which trojaned several applications on the Android Market and several blog posts on the matter: Lookout explains how the malware was discovered, which applications it targets and whether you should be concerned or not. By the way, we thank them for sharing samples with us. AndroidPolice explains the malware uses the rageagainstthecage root exploit, and that malicious applications have been pulled out of the market Kaspersky... [Read More]
by RSS Axelle Apvrille  |  Mar 03, 2011  |  Filed in: Security Research