Hackers of India

Attacking Backup Software

By  Nibin Varghese  on 15 Feb 2012 @ Nullcon


Presentation Material

Abstract

Backup software is a valuable asset for any organization. These softwares runs on a large number of systems in an enterprise. The main functionality for these softwares is to provide back up and recovery options for the critical data that belongs to the enterprise. The hosts requiring these back up services communicates with a back up server over the network. The different modes of operations between the server and client would be a pull model where the server connects to the client or a push model where the client connects to the server. If the communication between the server and client is not validated properly, there can be different vectors of attack that can be conducted on these softwares. This paper would explain an attack on Symantec Back-up softwares (CVE-201 1-0546, BID:47824) where it was possible to do a man in the middle attack to steal information from host machines. The bug was very critical and complex as it affected a major architectural flaw of the application on how it validated the host machines before a back up operation was initiated.