
A view from Japan on Russian traffic anomalies, ARM TrustZone errors, and hacking smartphones via NFC: what PacSec had to offer

One of the most famous information security conferences in Japan, PacSec, took place on November 12 and 13 in Tokyo. The conference was held for the 12th time, alongside AVTOKYO, a less formal hacker party with the international slogan “No drink, no hack”.

By Western standards, PacSec is small: this year it gathered fewer than 200 people, which hardly compares with the attendance of PHDays IV, which drew 2500.

Paying tribute to "New Rose Hotel" by cyberpunk forerunner William Gibson, the Positive Technologies speakers could not resist trying out a capsule hotel

The conference featured star speakers with already well-known presentations: Karsten Nohl presented “Bad USB - On Accessories that Turn Evil”, and Brian Gorenc and Matt Molinyawe from HP presented the study “Blowing up the Celly - Building Your Own SMS / MMS Fuzzer”.


Yuriko, one of the organizers of the PacSec 2014 conference, in a cap with the logo of the SCADA Strangelove team

Among the new studies, the first to note is the presentation on detecting anomalous announcements in the BGP protocol, one of the fundamental Internet services (“Detecting BGP Hijacks in 2014”), prepared by Guillaume Valadon and Nicolas Vivet. The topic is relevant in light of the errors that redirected Russian traffic abroad and the initiatives of the Ministry of Communications and Mass Media to increase the stability of the Runet.

Also worth noting is the report on vulnerabilities in ARM TrustZone, one of the security technologies embedded in popular mobile platforms. It is high-quality work that revealed many memory management errors endangering Android, BlackBerry and Windows Phone systems. It is a bit strange to see memcpy without a buffer check in 2014, but a fact is a fact. The research is called “An Infestation of Dragons: Exploring Vulnerabilities of the ARM TrustZone Architecture”; its authors are Josh “m0nk” Thomas, Charles Holmes and Nathan Keltner, Atredis Partners.

The Asian researchers who attended the conference focused on malware: Yosuke Chubachi and Kenji Aiko presented “TENTACLE: Environment-Sensitive Malware Palpation”, and Wenjun Hu, from the main research center of intelligent networks and network security at Xi'an University, spoke about the dynamic analysis of Android applications (“Hey, we catch you”).

Harri Hursti and Margaret MacAlpine spoke about the shortcomings of the Estonian ID card and Estonia's e-government, which are particularly relevant, in their opinion, given the massive cyber attacks on the electoral system of Ukraine. Judging by the surprised faces of the audience, the talk left few people indifferent. It is one more reminder: when creating an e-government system, you need to think decades ahead, because it is not so easy to patch your e-passport.

Georgi Geshev from MWR InfoSecurity, in his presentation “Message Queue (MQ) Vulnerabilities”, thanked Timur Yunusov and Alexey Osipov from Positive Technologies for a number of studies, including the XXE OOB technique presented at Black Hat Europe in the spring of 2013.


As it turned out later, Georgi has Bulgarian roots, played CTF for the Moscow State University team, and believes that his ability to understand Russian forums and talks is an important advantage among his British colleagues.

Interestingly, PacSec is run by the same people who organize the famous Canadian CanSecWest, known for its Pwn2Own competition. So it is not surprising that a similar contest is held at the conference in Tokyo: Mobile Pwn2Own, the third in a row. Competing for a very solid prize pool, contestants must demonstrate techniques for hacking mobile devices. Of particular interest was the category in which attacks were carried out through NFC. The Samsung Galaxy S5 and Google Nexus 5 were hacked using this contactless technology (the Apple iPhone 5s was hacked via the Safari browser). A similar pwn competition was held at PHDays IV, but applied to SCADA systems, and it also brought a good result: more than ten new vulnerabilities in products such as Schneider Electric, Indusoft Web Studio 7.1, ICP DAS RTU PET-7000 and Siemens Simatic S7-1200 PLC.


Positive Technologies experts also spoke at the conference in Tokyo. Sergey Gordeychik and Alexander Zaitsev showed how special SMS messages can be used to place calls from someone else's number, gain access to the self-service portal, intercept 4G traffic and even install a bootkit on the computer to which the USB modem is connected (details here).



A separate Habratopic will soon be devoted to the study “Root via SMS: 4G Access Level Security Assessment”.

Source: https://habr.com/ru/post/243627/