Attackers routinely exploit vulnerabilities in computer systems to inject malicious code. For example, attackers can gain access to an internal network with the use of spyware or rootkits. Such software can be easily installed on computer systems from physical or digital media (e.g., email, downloads, etc.) and can provide these attackers with administrator or “root” access on a machine along with the capability of gathering sensitive data. In particular, attackers can snoop or eavesdrop on a computer or a network, download and exfiltrate data, steal assets and information, destroy critical assets and information, and/or modify information. Rootkits have the ability to conceal themselves and elude detection, especially when the rootkit is previously unknown, as is the case with zero-day attacks.
These attackers also have the capability to attack networked embedded devices, such as routers, access points, modems, network webcams, network printers, conferencing units, voice over Internet protocol (VOIP) adapters, and virtual private network (VPN) devices. A network of computers that has been infected with malicious code, where each infected computer can be controlled by an attacker often without knowledge of the infected computer's owner is generally referred to as a botnet and these networked embedded devices can be used in botnets. For example, networked embedded devices can be compromised using out-of-the-box default passwords and used in botnets, where, in many instances, embedded devices are the core communication components of a networked system.
In response to these threats, many computers are protected by antivirus software and firewalls. However, these preventative measures are not always adequate. In particular, traditional antivirus software does not work on embedded devices and, generally speaking, these embedded devices are not built with security in mind. Moreover, the code or firmware on these embedded devices is often proprietary and undisclosed to third parties. Accordingly, updating and modifying device firmware for different embedded devices is a difficult task.
There is therefore a need in the art for approaches for injecting code into embedded devices. Accordingly, it is desirable to provide methods, systems, and media that overcome these and other deficiencies of the prior art. For example, methods, systems, and media are provided that protect embedded devices against exploitation by injecting and modifying the code of the embedded device without altering the behavior of the embedded device and without prior knowledge of function entry points or other memory information in the embedded device.