Corpus ID: 13240511

Read It Twice! A Mass-Storage-Based TOCTTOU Attack

  title={Read It Twice! A Mass-Storage-Based TOCTTOU Attack},
  author={Collin Mulliner and Benjamin Mich{\'e}le},
  • Collin Mulliner, Benjamin Michéle
  • Published in WOOT 2012
  • Computer Science
  • Consumer electronics and embedded devices often allow the installation of applications and firmware upgrades from user-provided mass-storage devices. [...] Key Method The TOCTTOU attack is executed by providing different file content to the check and installation code of the target device, respectively. The presented attack effectively bypasses the file content inspection, resulting in the execution of rogue code on the device.Expand Abstract
    Lowering the USB Fuzzing Barrier by Transparent Two-Way Emulation
    • 10
    • PDF
    Untrusted Hardware Causes Double-Fetch Problems in the I/O Memory
    • 3
    • PDF
    Embedded Devices Security and Firmware Reverse Engineering BH 13 US Workshop
    Mind-Reading: Privacy Attacks Exploiting Cross-App KeyEvent Injections
    • 2
    • PDF
    A privacy protection system for HbbTV in Smart TVs
    • 21
    • PDF


    Publications referenced by this paper.
    Checking for Race Conditions in File Accesses
    • 293
    • PDF
    USB On—The—Go技术概述
    • 3
    • PDF
    CI Plus (CI+).
      Creating Content Library applications -SamyGO
        Microsoft Extensible Firmware Initiative FAT32 File System Specification, FAT General Overview On-Disk Format. http://msdn.
        • 2006
        PSGroove. psgroove/psgroove
        • 2010
        Plug and Prey: Malicious USB Devices
        • 2011
        Samsung Firmware on the GO