
When you manage some device over serial the connection is in general bidirectional. But usually the host manages the client by sending commands over the serial connection.

Is there some easy way for some kind of reverse management? Can attackers inside the managed client exfiltrate data from the managing device?

Does a device being managed over serial know that something is attached on the other end (without running any commands)? With ethernet you know at the physical layer that two ends are connected, but serial?

schroeder
  • It depends. As an old dinosaur I used to fully administer servers through serial lines, through good old video terminals like VT100 or VT220, and later from a PC via the kermit terminal emulator. So YES a host can be fully controlled from a serial line. It depends what application manages the serial line... – Serge Ballesta Nov 03 '21 at 22:03
  • I'm not sure we mean the same things. Client in my case = the machine you connect to. Host = The machine which you use to manage the client (entering commands, viewing logs). You managed the server via video terminal or PC but you did not administer the PC from the server. Commands usually are run in one direction. I did not yet come across anything else. – hadnolunchyet Nov 04 '21 at 15:59
  • The convention is that the client is the initiator of the connection, and the host is a server that passively waits for connection from clients. Do you mean that you are just using an opposite convention in your post? In that case it is almost the same: it depends on the *thing* that is used to send commands and the protocol between slave and master. It could implement a reverse channel... – Serge Ballesta Nov 04 '21 at 16:09
  • Sorry, I was not aware of the convention. Client would be host in my case and vice versa. I don't know how many protocols exist. I'm thinking about the "normal?" rs-232/uart connection which is used e.g. for connecting to embedded devices. Maybe an example would help: A PC using some FTDI232 USB-UART-adapter is connected to the serial header on a router. On the PC you run putty, log into the router, read logs, run commands ... . Can the router do the same to the PC using the same connection? Does the router know the PC is "attached" to it? How could it know? – hadnolunchyet Nov 04 '21 at 20:04

1 Answer


A host that accepts connections from a client through the serial port is no different than a host that accepts connections from a client over TCP - in that it may be possible for a malicious client to exploit a vulnerability in the host and compromise the host.

For example, a host that accepts incoming connections through the serial port must be protected against buffer overflow attacks (which were very common in servers that accept incoming TCP connections, and still are to some degree), or else a malicious client connecting to the host through the serial port could potentially cause a buffer overflow. As another example - if there is a database involved in the service that the host is running, then SQL injection attacks (which are notorious for being deadly when it comes to data exfiltration) may be possible, regardless of whether the connection is by TCP or serial.

Having said that, an attack through the serial port may be less likely in the real world, simply because of proximity reasons. Whereas an attacker launching an attack through TCP could be halfway around the world, an attacker launching an attack through a serial cable would be at most 50 feet away.

mti2935
  • Depends. When you manage an online machine through serial console from an "offline" host the attacker can still be miles away. I was wondering if some kind of reverse management is part of the protocol. – hadnolunchyet Nov 03 '21 at 18:36
  • Is that some kind of serial connection over TCP configuration? – mti2935 Nov 03 '21 at 18:55
  • No. The client is just some device which has both an ethernet NIC and a serial header. The NIC is used for connecting to the internet, the serial header is used by the managing host (which is "offline") for managing the device over serial. – hadnolunchyet Nov 03 '21 at 19:26
  • If you have an internet connected machine plugged into an offline computer via serial cable, it's not offline. And it would make little "real world" sense. – ThoriumBR Aug 01 '22 at 18:24
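
The buffer overflow point in the answer above, shown from the defending side: an added example (not part of the original answer) of a line reader that treats every byte arriving on the serial line as untrusted and never writes past its buffer. The names `line_reader`, `line_reader_feed`, `feed_chunk` and the 64-byte limit are assumptions made for this sketch.

```c
#include <string.h>

#define LINE_MAX_LEN 64  /* assumed maximum length of one line from the peer */

struct line_reader {
    char     buf[LINE_MAX_LEN + 1];
    size_t   len;
    int      overflow;  /* discarding the rest of an overlong line */
    unsigned dropped;   /* overlong lines rejected so far */
};

/* Feed one byte received from the serial peer. Returns 1 when r->buf holds a
 * complete NUL-terminated line, else 0. Never writes past r->buf. */
int line_reader_feed(struct line_reader *r, unsigned char c)
{
    if (c == '\n' || c == '\r') {
        int complete = !r->overflow && r->len > 0;
        if (r->overflow)
            r->dropped++;            /* reject the overlong line as a whole */
        r->buf[complete ? r->len : 0] = '\0';
        r->len = 0;
        r->overflow = 0;
        return complete;
    }
    if (r->overflow || c < 0x20 || c > 0x7e)
        return 0;                    /* skip control and non-ASCII bytes */
    if (r->len >= LINE_MAX_LEN) {
        r->overflow = 1;             /* too long: reject, do not truncate */
        return 0;
    }
    r->buf[r->len++] = (char)c;
    return 0;
}

/* Feed a received chunk; returns the number of accepted lines and copies the
 * last one into `last` (caller provides LINE_MAX_LEN + 1 bytes). */
size_t feed_chunk(struct line_reader *r, const unsigned char *p, size_t n, char *last)
{
    size_t accepted = 0;
    for (size_t i = 0; i < n; i++)
        if (line_reader_feed(r, p[i])) {
            strcpy(last, r->buf);
            accepted++;
        }
    return accepted;
}
```

Zero the `struct line_reader` before first use and pass it whatever `read()` returns from the serial device; an overlong line is rejected in full rather than truncated, so a partial command is never acted on.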