Thursday, August 18, 2011

Blackhat US 2011: Impressions

I attended my first BlackHat conference a couple of weeks ago in Las Vegas. It was an interesting experience and I thought I’d share some of my thoughts.

Overview
The first thing that hits you when walking into the convention center at Caesar’s Palace in Las Vegas is the incredible number of people – some ten thousand attendees. I spent over an hour in the morning of the first day waiting in line to register – despite the good organization.

The second thing that you notice is the diversity. Perhaps not diversity of gender (>90% male), race (>90% Caucasian/Asian) or age (>90% under 40) but a diversity in the roles. You have young academics and hackers, you have security vendors (a whole lot of them in fact) and you have a few potential security clients (who all these vendors are trying to sell to). Not to mention the surprisingly large number of journalists.

The age demographic raises the question of why hacking is a field for the young. What happens to all these talented people when they grow up? Is it that hacking is done mainly as a hobby, and adults don't have spare time to invest in hobbies? Is hacking a social activity that brings young people together - and is therefore less attractive to older people who prefer to socialize with their peers? Is it the fact that to hack something you need to come with a fresh mind and not be ingrained with preconceptions? Whatever it is, at the ripe age of 37 I felt like an old geezer at the conference.

Not surprisingly, mobile device hacking is a very popular subject this year. For example, Stefan Esser’s “Exploiting the iOS Kernel”, which was quite technical and specific, had a full house (of which I would guess 90% didn’t understand what he was talking about when he described the detailed attacks). Almost every security company in the trade show claims that they’ve extended their solution to mobile devices – and RIM even had a stand (though the person I talked to had almost no understanding of the security aspects of Blackberry devices).

Another interesting area was government initiatives. The organizers tried to promote hacker community cooperation with the (US) government through the two keynotes and through specific sessions. The second keynote, by Mudge, was interesting in that he explained why the government can’t win the race against hackers and needs the help of the community to achieve common goals. I suspect that even with such collaboration with the community the government can't win the battle at a technical level, and must concentrate the efforts on reducing hacking incentives and rewards.

Sessions
Karsten Nohl and Chris Tarnovsky presented an attack on the memory scrambling unit of a certain widely used smart card chip which they did not name (though knowledgeable people in the audience could guess). Because the key used for scrambling the ROM of this chip resides itself in the same ROM, the security of the scrambling scheme is entirely dependent on the secrecy of the algorithm. By photographing the layers of the chip, identifying the memory scrambling block and using the open source hardware reverse engineering tool Degate they discovered the algorithm and thus defeated the mechanism.

So what’s new in the area since Karsten’s Mifare Classic attack of 2007? Surprisingly, not that much. One point made was that the Degate tool is progressing but it is still only where IDA was 15 years ago – a version 1.0, or even just an alpha. Another point is that even a full-grade modern smart card chip suffers from the same kind of vulnerabilities as the old and feeble Mifare Classic chip.
The Register gave this presentation a sensational headline.

Thomas Ptacek and Mike Tracy gave a session on “Crypto for (Web Application) Pentesters”. Their basic point was that (most?) developers don’t have enough of an understanding of cryptography to use it correctly. Two typical quotes: “Developers should never use crypto – it doesn’t work for them” and “When things are encrypted – they’re probably broken.”

They showed several examples of badly used cryptography, all of them well known for many years, but not to the lay developers’ community. Developers (1) use ECB mode (to be more precise, they let user-controlled data and secret data share the same block, so that an attacker can tell when two blocks are equal), (2) reuse the XOR pad of a stream cipher (e.g. by repeating nonces, which leaks the XOR of the two plaintexts), (3) prepend a secret key to a message and hash the result to generate a MAC (which, with a Merkle-Damgård hash such as MD5 or SHA-1, is open to length-extension forgery) and (4) accept trivial public values (such as 0) in a Diffie-Hellman key exchange, which pins the shared secret to a value the attacker knows.
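Mistake (2) above, keystream reuse, is easy to see in code. The following is an added example and is not from the talk or the original post: two messages are encrypted under one key and one repeated nonce, the XOR of the ciphertexts equals the XOR of the plaintexts, and a known (or guessed) fragment of one message reveals the other. The keystream generator is a CTR-style PRF stand-in built from SHA-256 so the example runs without third-party libraries; the leak does not depend on which stream cipher is used. The key, nonce and messages are constructed for the demo.

```python
"""Keystream (XOR pad) reuse in a stream cipher: two messages under one nonce."""
import hashlib


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """CTR-style keystream: block i = SHA-256(key || nonce || i).

    Stand-in for a real stream cipher (assumption for this demo); the flaw
    below is the same for AES-CTR, ChaCha20 or RC4 when the pad repeats.
    """
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


# Constructed demo data: same key AND same nonce for both messages (the bug).
KEY = hashlib.sha256(b"constructed demo key").digest()
NONCE = b"\x00" * 12
P1 = b"user=alice;role=admin;session=7f3a9c"
P2 = b"user=bob;role=guest;session=1b2e4d"


def two_ciphertexts():
    """What an eavesdropper sees: two ciphertexts sharing one keystream."""
    return encrypt(KEY, NONCE, P1), encrypt(KEY, NONCE, P2)


def known_plaintext_recovery(c1: bytes, c2: bytes, p1: bytes) -> bytes:
    """c1 ^ c2 == p1 ^ p2, so knowing p1 reveals p2 over the overlapping length."""
    return xor(xor(c1, c2), p1)


def crib_drag(c1: bytes, c2: bytes, crib: bytes):
    """Slide a guessed fragment ('crib') along c1 ^ c2.

    Wherever the crib is right for one message, the XOR yields the other
    message's bytes at that offset; printable results are the candidates.
    """
    diff = xor(c1, c2)
    hits = []
    for i in range(len(diff) - len(crib) + 1):
        window = xor(diff[i:i + len(crib)], crib)
        if all(32 <= b < 127 for b in window):
            hits.append((i, window.decode("ascii")))
    return hits


if __name__ == "__main__":
    c1, c2 = two_ciphertexts()
    print("recovered P2:", known_plaintext_recovery(c1, c2, P1))
    print("crib 'role=' candidates:", crib_drag(c1, c2, b"role="))
```

The fix is not a stronger cipher but a nonce that never repeats under a key (a counter or a sufficiently large random value), together with a MAC over the ciphertext so that the XOR malleability cannot be used to edit messages.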

An interesting term that (I think) they coined was “Hollywood-style” code breaking. Many movies show codes being cracked one character at a time. Though this is usually nonsensical with modern digital cryptography, there are systems in which, due to a weakness in the way a cipher is used, the code can in fact be cracked one byte at a time. For example, timing attacks typically allow an attacker to reveal a secret bit by bit. They called this “Hollywood-style” code cracking.
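The ECB mistake listed above is the textbook case of such Hollywood-style cracking, and the following added example (not code from the talk or this post) works it through: a service encrypts attacker-controlled data followed by a secret under AES-ECB, and the attacker recovers the secret one byte at a time by lining each unknown byte up at the end of a block and comparing against 256 guesses. AES is used via the `cryptography` package when it is installed; otherwise a hash-based keyed block function stands in, which is enough because the attack only relies on ECB being deterministic and never decrypts anything. The key and the secret string are constructed for the demo.

```python
"""ECB byte-at-a-time secret recovery: the "Hollywood-style" crack."""
import hashlib

BLOCK = 16

try:
    from cryptography.hazmat.backends import default_backend
    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

    def encrypt_block(key: bytes, block: bytes) -> bytes:
        """Raw AES-ECB on a single 16-byte block."""
        enc = Cipher(algorithms.AES(key), modes.ECB(), backend=default_backend()).encryptor()
        return enc.update(block) + enc.finalize()
except ImportError:
    # Stand-in when 'cryptography' is absent (assumption for this demo): any
    # deterministic keyed block function leaks the same way under ECB.
    def encrypt_block(key: bytes, block: bytes) -> bytes:
        return hashlib.sha256(key + block).digest()[:BLOCK]


def pkcs7(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """Encrypt each block independently: equal plaintext blocks -> equal ciphertext blocks."""
    data = pkcs7(data)
    return b"".join(encrypt_block(key, data[i:i + BLOCK]) for i in range(0, len(data), BLOCK))


# Constructed demo values.
KEY = hashlib.sha256(b"constructed demo key").digest()[:16]
SECRET = b"session=3f9a1c77;admin=false"


def oracle(user_data: bytes) -> bytes:
    """The vulnerable service: user data and the secret share ECB blocks."""
    return ecb_encrypt(KEY, user_data + SECRET)


def recover_secret(oracle, block: int = BLOCK) -> bytes:
    """Recover the secret appended after attacker-controlled data, one byte at a time."""
    # 1. Learn the secret's length: add filler until the padded ciphertext grows a block.
    base = len(oracle(b""))
    n = 1
    while len(oracle(b"A" * n)) == base:
        n += 1
    secret_len = base - n

    # 2. For byte i, choose filler so that secret[i] lands as the LAST byte of a block,
    #    then try all 256 values of that last byte and match the target block.
    recovered = b""
    for i in range(secret_len):
        pad = b"A" * ((block - 1 - i) % block)
        start = (len(pad) + i) // block * block
        target = oracle(pad)[start:start + block]
        for c in range(256):
            probe = pad + recovered + bytes([c])
            if oracle(probe)[start:start + block] == target:
                recovered += bytes([c])
                break
        else:
            raise ValueError("no byte matched: not ECB, or layout assumption is wrong")
    return recovered


if __name__ == "__main__":
    print("recovered:", recover_secret(oracle))
```

The cost is at most 256 oracle queries per secret byte instead of 256^n for the whole secret, which is exactly the movie-style one-character-at-a-time crack. A random IV with a chaining mode (CBC, CTR) removes the equal-block signal; keeping secrets out of blocks the user can influence is the other half of the fix.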

Andy Davis presented his work on USB fuzzing. Andy walked through how he developed his tools, starting from an Arduino-based USB HID class fuzzer and culminating in his Frisbee software, which drives commercial USB packet analyzers for fuzzing. Historically most USB fuzzing (and hacking) has been done against the hosts (e.g. PC, game console, TV), either because there are more attack vectors (the USB devices’ responses are more varied than the USB hosts’ requests) or because it’s easier to develop tools for this. His new tools allow fuzzing devices as well (though he didn’t state whether he has done this).

Using these tools Andy found probably exploitable bugs in the USB drivers of Windows 7, Solaris 11, Xbox 360 and Apple OS X – i.e. every platform he ran the fuzzer against. When presenting his results to the companies he found that they weren’t taking USB hacking very seriously, and received responses such as “since this requires physical access it’s not something that we will fix in a security update” or “we think we’ve fixed this issue, but we’ll need to get you to test it as we don’t have the ability to replicate your attack”.

Andy answered the obvious question – “How significant can USB hacking be, considering that you need physical access to the device you’re hacking?” – by giving several examples of security mechanisms that are supposed to hold even against an attacker with physical access, including device jailbreaking, unlocking a password-locked workstation and bypassing endpoint protection software.

A team from Lookout Mobile Security presented statistics on the amount of time it takes to patch major security holes in Android devices. They found that the average half-life of a vulnerability (i.e. the time it takes until half of the devices in the field have received a patch) is more than half a year, though this varies significantly depending on the specific device. It’s not clear whether the variability is a function of the OEMs, the operators or the end users (who also need to accept the patch for it to take effect).

A few other interesting sessions included:
  • Dino Dai Zovi presented a security evaluation of iOS
  • Artem Dinaburg presented a technique for catching DNS requests corrupted by RAM bit errors, by registering domains one bit away from popular ones
  • Gal Diskin from Intel presented Pin, a dynamic binary instrumentation engine for x86 CPUs
  • Michael Sutton presented vulnerabilities in consumer products with embedded web servers

Of course the most interesting part of such a conference is not the formal presentations but the private chats. Those will remain private :-)
