Interesting talks from ccc 35c3

Watched and listened the following talks:

• wallet.fail - "hardware security", so they say. As you might have already guessed, it's snake oil. Liked their RLE compression code. Amazing RF emission data leaks. Totally awesome talk. kw: Bitcoin Ledger, Ledger Blue, custom firmware, hacking, TEMPEST attack, Artificial Intelligence (AI) in the cloud, Tensorflow
• It Always Feels Like the Five Eyes Are Watching You - Nothing new in this talk, I'd guess. But yeah, it's good to remind yourself about this stuff every now and then. Building data time machine, complete and full records of everyone. kw: FVEY, TEMPORA, ECHELON, NSA, GCHQ, CSEC, BND, XKEYSCORE, PRISM, "Lawful access", "Assistance and Access Act", Systemic and mass monitoring and eavesdropping, Panopticon.
• Modchips of the State - kw: Supply chain attacks, Baseboard Management Controller (BMC), Intelligent Platform Management Interface (IPMI), System Management Bus (SMBUS), X-ray analysis, Tailored Access Operations (TAO), GODSURGE, FIREWALK, DEITYBOUNCE, IRONCHEF, hardware spying tools, Contain, Conceal, Cover, flash implant, replacing data in flight. Pretty much ever device inside computer got it's own firmware, Platform, Firmware resiliency Guidelines, Trusted Platform Module (TPM), Google Titan (Security Chip H1), Microsoft Cerberus, PUF, DICE, Apple T2, LinuxBoot, µBMC.
• How Facebook tracks you on Android - Not surpsiting as title, but let's see. 42.55% of Android free apps share data with Facebook. kw: shadow profiles, cookies, many applications send detailed data about user and device and application usage to Facebook.
• Security Nightmares 0x13 - Lots of basic security matters and questions about tracking, privacy and security. DevSecOps. Using hypnosis to recover pass phrases, lol. This is funny stuff. Companies giving up email encryption, it's too hard. But funnier part is that most of companies never cared about email security to begin with. Who's running way old Linux kernel's and so on. Interestingly nobody asked who's running Windows Server 2003 R2 or something similar. People hate needless video conferences, but even more they hate physical meetings.
• Introduction to Deep Learning - Interestingly this talk is pretty much what I've heard in early 90's, at least for the beginning parts. Over fitting, convolutional layer, multiple players nested (deep learning), segmentation network, supervised training, network architectures, convolutional encoder / decoder, fully connected network, max pooling layer, dropout layer, generative adversarial networks, cycle GAN, network resilience, world language model
• Smart Home - Smart Hack - Updating light bulb firmware. Nice Trojan proof of concept via firmware update, creating reverse tunnel to the network.
• SiliVaccine - North Korea's Weapon of Mass Detection - Introduction video was awesome. Trend Micro antivirus engine, huh, pirated version. Circumventing encryption was fun detail. Strange renaming and whitelisting. File system filter driver, funny reverse engineering. Very nice analysis after all.
• The Social Credit System - Of course this is about the Chinese new system. There are good and bad things, but it's interesting it's coming. And I'm sure we've seen all kind of parodies about this in several tv shows and movies. It can be a good thing and a bad thing depending from perspective. Anyway, people have had social credit always, it's just not based on any system, but traditional human relations. You can have a credit record and good reputation or not. As mentioned, in China they also mean that reputation includes trust as well as lawfulness and credit score. Unified score, are you a good or a bad citizen. And some speculation how this can affect the whole society, employers, banks and so on.
• Inside the AMD Microcode ROM - Many details, but nothing which would have made me really laugh. No technical revelations.
• Space Ops 101 - Talk focuses on Space Craft control and communication and what's required to achieve it. Very very nice talk about basics.
• Russia vs Telegram - This is interesting topic, should cover technical notes of the battle in the cyberspace. Roskomnadzor, FSB, blocking Telegram and backslash and finally failure. Proxy hunting and blocking of service providers. - Roskomnadzor, IPv6 = Modern IP, I like that. IPv4 is legacy IP. Failed URL sanity checks and bad parsers. Classic questions, are they really so stupid, or was it intentional internal sabotage. Proxy hunting and blocking. Protocol camouflage is important, otherwise data streams will get blocked.
• Hunting the Sigfox: Wireless IoT Network Security - This is topic which I'm really interested about. Nice presentation about Range, Cost and Power. Well explained Power Spectra Density and Signal to Noise Ratio. Ultra Wide Band vs Ultra Narrow Band. Sigfox data rate for download is 600 bit/s, uplink is 100 bit/s. Yay, full range of buzz words. Sigfox is cheap to use. Phase Modulation. SDR radio sniffing. D-BPSK. Decoding uplink frame structure. CRC-16, Message Authentication Code (MAC), pre-shared key, message signature. Obtaining the encryption key from device. Secret encryption (err) signature key is in plain text (on device). Most of manufacturers don use 'secure element' to store the keys. Uplink security summary, Encryption is available, but it costs money and energy and most of manufacturers aren't using it. Uplink brute force attack, can be accomplished in couple of minutes. Yet the receiver network should block device Id if too many attempts. Which of course then allows Denial of Service (DoS) attack. Replay protection is based on 4096 possibilities causing overflow and allowing replay attack later. Encrypted high security version does use 20 bit sequence numbers, so that's fixed with it. Downlink is initiated by device sending "download request". Downlink uses GFSK (Frequency Modulation). The download link data is lightly scrambled using Sequence Number + Device ID. The frame structure contains CRC-8, ECC (BCH), Payload, MAC (16 bits). Encrypted solution uses of course also encrypted downlink. Other competing technologies: Lora, NB-IoT
• Scuttlebutt - The decentralized P2P gossip protocol - P2P networks are always interesting. How to make those scalable, low latency, reliable, secure and of course not to consume too much energy or being generally extremely inefficient. Distributed / Decentralized network. Duh, this is bad talk. I preferred to read one web-page about it describing the key facts, instead of watching this.
• Transmission Control Protocol (TCP) - I assume this talk doesn't contain anything new, but let's check it out. - Well as expected, nothing new in this talk.
• Deep dive into the world of DOS viruses - Yahoo, Qbasic mentioned. Yet I preferred Turbo Basic & Turbo Pascal. The business logic description of many viruses sounds awfully familiar. Nice flowcharts in ASCII, haha. Interrupt handlers and all good stuff, TSR programs, and so on.
• First Sednit UEFI Rootkit Unveiled - Interesting, UEFI/BIOS malware rootkit module. DXE driver & core volumes. Looks like this is rootkit which wasn't written by any random developer. Circumvents BIOS write lock, using race condition vulnerability exploit. Also covers very nicely UEFI boot process flows. Hints, Use Secure Boot, Update your UEFI firmware, hope that your firmware configures security mechanisms properly. CHIPSEC can e used to do a firmware security assessments.
• Modern Windows Userspace Exploitation - Hopefully this is going to be joyable talk with laughs. Mitigations, mitigations everywhere. Control-flow integrity, code integrity, supporting mitigations, sandboxing, containers, heap randomization. Exploiting Windows platforms. Some nice demos, how isolation is broken. Nice CTF exploits and bad Windows security.
• Post quantum crypto. Last but definitely not least! Protecting encryption against development of powerful quantum computers. Cryptography Standardization Project. See: pqcrypto.org - https://pqcrypto.org/ -. Some of the new suggested algorithms have been already been proven to be really broken. Code, hash, isogeny, lattice, multivariate-quadretic encryption and signatures of course meaning public-key cryptography. This is great talk! It's meaningless if previous version got security proof, if there are any changes, the new version can be totally broken. Development is slow but getting faster, it's probably going to be like the AI aspect. First everyone things it's going to never happen and then panic strikes when it's everywhere. Post quantum signatures / keys are generally large. Sizes usually in hundreds of bytes (SIKE) not bits, some times even a megabyte or more (McEliece). NTRU-HRSS with CECPQ1 and CECPQ2 mentioned as well as XMSS. This encryption can be really challenging for some IoT devices. Algorithm patents mentioned. PQC, CSIDH. ECC keys will be completely broken, good to remember that. See: Open Quantum Safe - https://openquantumsafe.org/ -. Providing a modern cryptographic API, nice! libpqcrypto. Also library interfaces designed to prevent developer screw ups. Great! Formal verification, very very nice. - Lovely! Thank you! Ref: Daniel J. Bernstein, Tanja Lange.

Finally done!

2019-11-10