Two weeks ago, our team from Qualys Engineering participated in the Black Hat, B-Sides and DEF CON events in Las Vegas, and presented sessions on Web application security, flaws in Internet attached DVRs and introduced a tool to probe for DoS problems in web applications.
But we were mainly in Las Vegas to attend presentations to see the latest on what is going on in our field and maintain the relationships with other researchers and vendors. We saw a number of excellent presentations, so many that we had to break it up into two parts.
Here is the second pass of our favorites, click here for our first pass:
by Billy Lau, Yeongjin Jang, and Chengyu Song
Most of the security focus for iOS typically centers around embedding malicious apps … but what about the physical layer? Is that white-cased, authentic-looking Apple charger trustworthy? The presenters exploit the seemingly-overlooked USB pairing process, inject a trojaned application, and demonstrate an attack that’s invisible to the user. No fix until IOS 7. Beware the USB charging ports at public facilities.
– Kimi Ushida, Network Security Engineer, Qualys
“Evolving Exploits Through Genetic Algorithms” at DEF CON
In his DEF CON presentation soen demonstrated how Genetic Algorithms could be used to generate effective payloads for application security testing. The use of said algorithms was demonstrated on the example of SQLi fuzzer. The idea is that the fuzzer using Generic Algorithms is going to generate payloads that are getting closer to the target by evolving with each generation, and getting fitter/better at what they are supposed to do. The approach is also promising to find new exploits since the payloads it is generating are not limited to strict syntax.
– Vaagn Toukharian, Principal Engineer, Qualys
“I Can Hear you Now: Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell” at Black Hat
by Tom Ritter, Doug DePerry and Andrew Rahimi
Most of us have heard of mobile phone interception programs in which hackers have built their own mobile phone “base station” or tower, and intercepted mobile phone communications. This talk focused on a different approach; instead of the illegal operation of cellular radio equipment, this talk demonstrated how legitimate and legal equipment provided to customers by mobile carriers could be hacked to enable the interception of mobile phone communications. The presentation provided an excellent overview of how wireless carrier provided femtocells operate and the risks that these devices present to all of us.
-Andrew Wild, CSO Qualys
“CreepyDOL: Cheap, Distributed Stalking” at Black Hat
by Brendan O’Connor
Brendan has created a low-cost method of tracking people in the physical world. Our phones, tablets, and laptops are leaking identifiable details about us everywhere we go. These virtual bread trails can be captured using innocuous looking devices plugged in to coffee shops, airports, or other public areas with wifi access. Who would ever question whether or not a carbon monoxide detector housing with a red LED belongs in those places? As demonstrated in the talk, CreepyDOL even makes it possible to identify your associates and determine your schedule.
– Lucas Sweany, Security Engineer, Qualys
“Home Invasion V2.0 – Attacking Network Controlled Hardware” at Black Hat
by Daniel Crowley, David Bryan, and Jennifer Savage
We all know that the “Internet of Things” is upon us; more and more devices in our homes are now connected to the network, from lightbulbs to thermostats to the locks on our front doors. This presentation showcased several different products designed for our homes and the security vulnerabilities in these devices. The presenters demonstrated how these devices, designed to improve our lives, can be exploited to introduce physical world risks above and beyond information loss.
-Andrew Wild, CSO Qualys
“Examining the Bitsquatting Attack Surface” at DEF CON
by Jaeson Schultz
This presentation focused on an attack surface that is considered by many as too theoretical, and too impractical to pursue. Errors in memory caused by increased temperatures data center servers or mobile clients operate in. On top of that the error has to happen in the exact area of memory that holds a FQDN. The author demonstrated the large amount of traffic that he was able to receive due to these errors. And furthermore he was able to inject his own content into pages that Google served to a very large number of clients over a long period of time using the bitsquatted FQDNs.
– Tigran Gevorgyan, Engineering Manager, Qualys