Black Hat 2014: How to crack just about everything
From mobile phones and cars to IPv6, security researchers have turned their skills against a world of technology
As the world’s best security experts descend on Black Hat USA 2014 this month, they must be rubbing their hands in anticipation of their colleagues' upcoming revelations about the latest means to crack a range of devices and flaws they’ve found in trusted protocols. Here is a sampling of some of the hottest presentations and defensive measures speakers will release in order to block the attacks they describe.
Cracking individual car networks isn’t new, but a talk by Twitter security engineer Charlie Miller and IOActive Security Director Christopher Valasek took a comprehensive look at the security of these networks from different manufacturers. They discussed whether some cars are more secure from remote compromise than others, whether the security has got better or worse in the past five years and how cars can be better protected from attacks.
Researchers Alva Duckwall and Benjamin Delpy demonstrated how thoroughly Kerberos can be compromised in real-world conditions. They said that with the loss of the right hash, Kerberos can be compromised for years after an attacker gains access. “Yes,” they say, “it really is that bad.”
A researcher showed how an Android flaw lets malicious applications escape Android’s app sandbox and gain security privileges without notifying the user. Jeff Forristal has disclosed the bug to Google, which has issued a fix, but it may still exist in unpatched versions. At Black Hat he released a security tool to help users scan for risk of the vulnerability on their devices.
4. Mobile broadband modems
It’s convenient to plug broadband modem dongles into laptops, but they can prove to be the path to compromising sensitive information and becoming a link in the chain of multi-stage attacks. Andreas Lindh, a security analyst with I Secure, demonstrated relatively easy web-based attacks for profit and showed why it’s easy to be a criminal on the internet. He also had suggestions about changing the approach to new consumer technology so that it takes security into account.
The benefits of Big Data have businesses jumping into it with both feet, but perhaps they’re doing so with too little circumspection, according to Davi Ottenheimer, EMC senior director of Trust. He even has a term for it – getting Hadoopy. He said he’ll do a survey of big data systems and point out the most difficult challenges they present as well as the best solutions developed so far.
6. USB devices
USB devices have become plentiful and a part of everyday computer use, but that has led to complacency about how secure they are. Cryptographer and security researcher Karsten Nohl and Jakob Lell, a security researcher at SRLabs, introduced a new form of malware that operates from the controller chips inside USB devices. Common USB sticks can be reprogrammed to imitate other types of devices in order to spy, steal data or take complete control of a victim's computer. They plan to demo such a compromise with a virus they say is undetectable with current defenses. They point to where fixes to the USB stack are needed.
A mysterious vulnerability led Bitcoin to the brink of collapse in 2011. Now Daniel Chechik and Ben Hayak, security researchers at Trustwave, have taken a closer look at the problem that affected Silk Road, MTGox and perhaps many more trading websites, and they’ve figured out how to exploit the flaw behind the compromises, which was referred to as transaction malleability. They plan to demo how to take advantage of the vulnerability.
8. Home alarm systems
Radio frequency controllers for home alarm systems are a convenience, but one that can be exploited easily using a device Qualys researcher Silvio Cesare built. For about $50, the Arduino and Raspberry Pi-based device could capture and replay the codes used to disable the alarms. He showed how attackers who physically tamper with the system by connecting a device programmer can read the password that enables and disables the alarm. Mitigation is relatively easy: buy good systems.
9. Mobile phones
Control protocols used by service providers to communicate and control mobile phones can pose a risk. Mathew Solnik and Marc Blanchou, both researchers with Accuvant Labs, have reverse engineered these controls to learn how they work. Their research revealed flaws in how the communication is handled and implemented. They demonstrated how over-the-air code execution can be performed on GSM, CDMA and LTE networks that can affect Android, iOS, Blackberry and embedded machine-to-machine devices. The pair plans to release tools for protecting against these threats.
Independent security researchers Antonios Atlasis and Enno Rey note that many security devices are configured for IPv6 even though they are being used only for IPv4 traffic, and that introduces security issues. They presented three techniques for exploiting minor details in the IPv6 protocol that can prevent security devices - such as intrusion detection and prevention systems - from detecting any kind of attack. They discussed security implications for other devices such as firewalls and mitigation techniques to protect against the exploits.
11. iPhones and iPads
A Georgia Tech team of researchers led by Yeongjin Jang planned to disclose how to jailbreak the latest version of iOS by exploiting vulnerabilities left by incomplete patches. They showed how to use these vulnerabilities to discover new avenues of attack, which they will use to run unsigned code outside the sandboxes on the devices. They say they will release several new vulnerabilities and the exploit techniques they developed.