How I got remote root shell on a Helium crypto miner

I’ll show you the tools and tactics used to get root on a Helium crypto miner. These miners generate up to 1,000 USD per month. Supposedly, they are locked down very limited user access) with a rigorous approval process. The same tools and tactics can be used for any network target. Helium ($HNT) is currently the 50th largest cryptocurrency with a market cap of around $3 billion. There are about 700,000 Helium miners on the block chain. When deploying Helium miners, I got curious about how secure they were. I used open source tools to collect information on the device and found an unprotected API endpoint, that could be accessed over the network without authentication. This endpoint allowed me to enumerate and add cron-like jobs, but I had very limited ability to see the result of the commands I submitted. Some tweaking allowed me to exfiltrate small bits of information, which allowed me to find out how to exfiltrate larger amount of information. Eventually, I had an interactive root shell.

Presented at Security Fest 2022.

Speaker: Mikael Falkvidd

About Mikael Falkvidd

Mikael Falkvidd

Mikael works as a CTO-as-a-service consultant at Devies Cloud and Engineering, which means he advises and coaches multiple tech companies to take them to the next level. He is also an amateur radio licensee, OWASP Gothenburg board member, MySensors open source project core team member, and satellite programmer and -listener.

Get all relevant information and news regarding Security Fest, when we release recordings of talks, etc.