
34C3 - TUWAT - Talks - Part 2

posted Jan 28, 2018, 1:30 AM by Sami Lehtinen   [ updated Apr 22, 2018, 9:46 AM ]
  • DPRK Consumer Technology. Year of desktop Android? Red Star (OS) GNU/Linux. DRM and Encrypted PDF files. Decryption and cipher details, re-implemented in Go. Binary code hacking, no source available. Removing secret watermarks from files. Nice talk, but nothing really amazing. Good basic reverse engineering.
  • Protecting Your Privacy at the Border - Traveling with Digital Devices in the Golden Age of Surveillance. Basic solution is not to take anything really private with you. That's obvious. Let's see what the talk provides. Border checks at areas like: EU, UK, Canada. At borders they claim the right to obtain and require passwords. The situation is worst in authoritarian countries like: Russia, China, Middle East, Turkey. Detaining people for using encrypted communications. United States can deny entry, if you won't give out passwords for your devices & data. Border Crossing Threat Models. Sensitivity of Data. Remember to plan and prepare before arriving at the border. Now it came, what I started with. "Don't bring it". Leave your devices and data at home. If you need data, use an encrypted cloud service. Don't carry the data over the border with you. Just one pro-tip compared to the slides: if you've got sensitive data, deleting it isn't enough. You'll need to wipe it, or preferably use clean devices, etc. Don't escalate the situation. Don't lie to border agents. Don't consent to anything, if it's not required as an order. If you for some reason gave any passwords, go and change all of those and related passwords. Then to Technical Protection Measures. Cellebrite. Use full device encryption with a strong passphrase. Of course it only protects your data at rest. iPhone Secure Enclave. File Locker, dm-crypt, BitLocker. Do not use fingerprint unlock. Always turn the device off for border crossing. Trusted Boot, TPM, TPMTOTP. Secure Deletion Caveats. BleachBit, scrub, wipe. Don't trust secure deletion, it's imperfect on multiple levels. High risk of failure. Cloud Storage Risks. Power of Subpoena. Often provide only in-transit security. Do use secure pre-cloud encryption. Zero knowledge encryption. Nothing new in this talk. All the basic stuff.
  • SCADA - Gateway to (s)hell - Hacking industrial control gateways (ICS), Programmable Logic Controllers (PLC), Remote Terminal Unit (RTU). Security model is air gapping, which unfortunately often isn't true. Closed M2M networks, which you can often break in by stealing one of the devices and using its SIM card. Started with classic firmware reverse engineering and decryption of Moxa W2150A. Nice work. Lol, gaining root access by pressing enter key. Good find. Sounds like Apple. ;) HTTP, Telnet, SNMP, configuration protocol. But what's wrong? Cross-site scripting, Cross-site request forgery, insecure authentication, command injection, stack overflows. - Sounds like just a normal project, everything is more or less broken, if you just go and take a closer look. 90% of devices use default credentials. - Command injection, stealing passwd file using ping test. All classic fails. Trivial denial of service attacks and stack overflow. moxa_pwn. Remote trivial root shelling of the device. Was this Internet of Sh*t? Seems to be so. Next device Advantech EKI-1522. Finding remote code execution quickly from firmware alone, without having the device on hand. Serial console as root, without password again. Also HTTP, configuration protocol (UDP), telnet, SNMP. With Cross-site scripting, Cross-site request forgery, Command injection, Broken authentication. Unlocking device from one computer disables authentication for everyone. Stack overflow in other protocol. Advantech_pwn. Remote root shell on the Advantech device. Nice. Last Lantronix EDS2100. It was mentioned in device description that it's a secure device. HTTP, Telnet, SSL, SSH, FTP, TFTP. Cross-site request forgery, Configuration injection, Authentication bypass. Lantronics_pwn. Many devices are even worse, they said. On some devices you can just get root password via SNMP walk. Summary: trivial vulnerabilities in most devices, no mitigations whatsoever. Some vendors do not respond to vulnerability reports. Never directly expose these systems to the Internet. Do not use WiFi / GPRS without additional encryption. - Very nice talk, with totally expected results. Things aren't secure, and that's the absolute norm.
  • Cryptocurrencies, smart contracts, etc.: revolutionary tech? by Zooko. Zcash. Bitcoin, Ethereum, blockchain, cryptography, Lightning Network. Long talk with good info. Such a topic, I don't know if I even have strong personal opinions about this. Any opinion can be easily argued against, so it's pointless to even start discussion.
  • Watching the changing Earth. Started with gravity, gravitation and geodesy. GRACE satellite gravity measurement project. Gravity field mathematical presentation. Measuring from space Greenland Ice Mass Loss. Satellite Radar Altimetry. Thermal expansion of water. ARGO float network. Components of sea level rise. EGSIEM and ICGEM.
  • How risky is the software you use? - CITL: Quantitative, Comparable Software Risk Reporting. Quite mathematical and theoretical talk. No thoughts or comments.
  • 1-day exploit development for Cisco IOS - MIPS architecture, debugging Cisco IOS.
  • Reverse engineering FPGAs - FPGA hardware and logic gate basics. Lots of technical reverse engineering, but nothing which I would probably do anything with.
  • Science is broken. Great topic, there's so much discussion about contradicting and/or weakly proven research. Randomized Controlled Trial (RCT). Publication bias allows you to create something out of nothing. Long list of different ways how statistics and science are broken. Nothing new really, I think. Same issues have been reported over and over again. Are interesting results better than right results? After all the talk didn't reach deep conclusions and was left a bit light, personal opinion.
  • LatticeHacks - Fun with lattices in cryptography and cryptanalysis. Oh well, my expectation is that this is going to be too deep for me, but let's see. Nice, fast talk, awesomeness. Lattice - Lenstra-Lenstra-Lovász (LLL lattice basis reduction algorithm) - Shortest Vector Problem (SVP) - Sagemath for Python. Nice text book example of RSA and immediately warning that naive implementation is insecure for multiple reasons. Factoring with Lattices. Coppersmith / Howgrave-Graham. - Coppersmith attack - Shor's algorithm - Qubits are unreliable. Now it gets interesting, NIST post-quantum competition and post-quantum encryption. Some of new encryption algorithms got broken in hours. NTRU encryption and decryption. After all awesome talk, one of the very best talks.