Vulnerabilities in commercial-grade SSL VPN devices have been all too common in the past few years. An internal research project aimed at comparing the security level of these devices identified that SonicWall devices tend to have fewer reported vulnerabilities while displaying relatively poor security practices. This pushed us to perform additional research into SonicWall devices and determine the reason behind this counter-intuitive conclusion. This presentation will go through how we dissected the Secure Mobile Access device in search of vulnerabilities, which resulted in the discovery of multiple CVEs that, when combined, can allow a remote unauthenticated attacker to fully compromise the device.
Presented at Security Fest 2025.
Speaker: Alain Mowat
Alain Mowat is the Head of Research & Development at Orange Cyberdefense Switzerland. He joined the company (then called SCRT) in 2009 as a penetration tester and subsequently led the offensive security team in the same company for many years until turning towards R&D. While still performing various engagements throughout the year, Alain is also dedicated to exploring new approaches to be used by the offensive security industry to better secure client infrastructures. Aside from these activities, Alain was an active member in the 0daysober CTF team that finished 3rd at DEFCON CTF in 2015 and has responsibly disclosed vulnerabilities in multiple products such as Citrix NetScaler, SonicWall, Barracuda, Twitter and McAfee. Alain is also responsible for giving various security-related trainings at Orange Cyberdefense Switzerland and has presented at several conferences, such as Insomni'hack, where he is also one of the organisers, Secure IT VS, CyberSecurity Alliance, SIGS and Area41.