XSS-to-root attack over the air: send malicious code in a Wi-Fi SSID or LoRa node name.
Security researcher Sasha Romijn shows how XSS vulnerabilities can be found, triggered, and exploited in infrastructure environments using quite uncommon delivery methods - 802.11 wireless communication and LoRa broadcasts.
The idea the author presents is simple but brilliant: if your device uses a web interface to display data, why can't an attacker broadcast malicious code in fields that the interface will display - for example, a Wi-Fi SSID or a LoRa node name?
A very interesting and super practical talk - especially for environments with infrequent updates and outdated embedded browsers. :) Enjoy the presentation, and please share it with your colleagues.
More details:
Attacking Infrastructure Through Innocuous Network Protocol Fields [Youtube]: https://lnkd.in/dCR76_Jq
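On the defensive side, a web interface that lists nearby networks or nodes has to treat every over-the-air name as untrusted bytes and render it as inert text. The sketch below is an added example, not code from the talk or from any product it covers; the function names and the scan data are hypothetical and constructed, and the 32-byte default reflects the maximum SSID length.

```javascript
// Added example: render over-the-air names (Wi-Fi SSID, LoRa node name) as inert text.
// Function names and the sample scan data are hypothetical and constructed.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// An SSID is 0-32 arbitrary octets and is not guaranteed to be valid UTF-8.
function decodeRadioName(bytes, maxLen = 32) {
  const clipped = Uint8Array.from(bytes).slice(0, maxLen);
  // Invalid byte sequences become U+FFFD instead of throwing.
  const text = new TextDecoder('utf-8', { fatal: false }).decode(clipped);
  // Control characters are replaced so they cannot corrupt logs or markup.
  return text.replace(/[\u0000-\u001f\u007f]/g, '\ufffd');
}

function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Build one table row; the name is escaped and the signal level forced to an integer.
function renderScanRow(entry) {
  const name = escapeHtml(decodeRadioName(entry.ssid));
  const rssi = Number.isFinite(entry.rssi) ? Math.trunc(entry.rssi) : 0;
  return `<tr><td>${name}</td><td>${rssi} dBm</td></tr>`;
}

function renderScanTable(scan) {
  return `<table>${scan.map(renderScanRow).join('')}</table>`;
}

// Constructed scan results: a plain name, a name containing markup, and raw
// bytes that are not valid UTF-8.
const sampleScan = [
  { ssid: Buffer.from('CoffeeShop'), rssi: -48 },
  { ssid: Buffer.from('<b>AP</b> & "guest"'), rssi: -60 },
  { ssid: Buffer.from([0x41, 0xff, 0x00, 0x42]), rssi: -71 },
];

console.log(renderScanTable(sampleScan));
```

In a browser front end, the same effect comes from assigning the decoded name to `textContent` rather than building HTML strings.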


