10 interesting talks from hacker conferences

I thought it would be worthwhile to cover international security conferences, and not just as a general overview but by going through the most interesting talks. Here is the first hot ten.

– Waiting for a friendly tandem of IoT attacks and ransomware
– "Open your mouth, say 0x41414141": attacking medical cyber infrastructure
– A toothy exploit on the tip of the contextual advertising skewer
– How real hackers dodge targeted ads
– 20 years of MMORPG hacking: better graphics, same exploits
– Hack the robots before Skynet arrives
– The weaponization of machine learning
– Total Recall: implanting passwords into cognitive memory
– And the kid asked: "Do you really think only government hackers can carry out cyber-attacks on the power grid?"
– The internet already knows I'm pregnant



1. Waiting for a friendly tandem of IoT attacks and ransomware

Christopher Elisan. Demystifying The Ransomware and IoT Threat // ROOTCON. 2017

2016 saw a meteoric rise in ransomware attacks. We had not yet recovered from those when a new wave of DDoS attacks carried out through IoT devices hit us. In this talk the author gives a step-by-step account of how a ransomware attack unfolds: how the ransomware works, and what a researcher must do at each stage to counter it.

Here the speaker relies on proven methods. He then sheds light on how IoT is used in DDoS attacks: what role the auxiliary malware plays (recruiting devices so that an IoT army can later be used to conduct the DDoS attack itself). He also discusses how the tandem of ransomware and IoT attacks could become a major threat in the coming years. The speaker is the author of "Malware, Rootkits & Botnets: A Beginner's Guide", "Advanced Malware Analysis" and "Hacking Exposed: Malware & Rootkits Secrets & Solutions", so he knows the subject.


2. "Open your mouth, say 0x41414141": attacking medical cyber infrastructure

Robert Portvliet. Open Up and Say 0x41414141: Attacking Medical Devices // ToorCon. 2017.

Internet-connected medical equipment is now a ubiquitous clinical reality. It is a valuable help to medical staff, since it automates a significant part of the routine. But this equipment carries many vulnerabilities, both in software and in hardware, which give a potential attacker a wide field of action. In the talk the speaker shares his own experience of pentesting medical cyber infrastructure and explains how attackers compromise medical equipment.

The speaker describes: 1) how attackers exploit proprietary communication protocols; 2) how they find vulnerabilities in network services; 3) how they compromise life-support systems; 4) how they exploit hardware debugging interfaces and the system data bus; 5) how they attack mainstream wireless interfaces and specific proprietary wireless technologies; 6) how they penetrate medical information systems and then read and edit personal health information and internal medical records whose content is normally hidden even from the patient; 7) how the communication channel that medical equipment uses to exchange information and service commands is subverted; 8) how medical staff can be restricted from, or locked out of, the equipment altogether.

During his pentests the speaker found many problems with medical equipment, among them: 1) weak cryptography; 2) the ability to manipulate data; 3) the ability to remotely alter equipment; 4) vulnerabilities in proprietary protocols; 5) unauthorized access to databases; 6) hard-coded, unchangeable logins and passwords, as well as other sensitive information stored either in the equipment's firmware or in system binaries; 7) susceptibility of medical equipment to remote DoS attacks.
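A check that catches finding 6 in practice, added here as an example and not part of the talk: pull the printable strings out of a firmware image the way `strings` does, then flag key/value pairs whose key looks like a credential and values whose length and entropy look like a token or key. The firmware blob below is constructed for the example, and the keyword list and entropy threshold are assumptions of this example, to be tuned per target.

```python
"""Pull hard-coded credentials and other embedded secrets out of a firmware image.

Added example, not from the talk. SAMPLE_FIRMWARE is a constructed blob that
imitates a padded image with a few configuration strings baked into it; the
credential keywords and the entropy threshold are assumptions to tune per target.
"""
import math
import re
from typing import Iterator, List, Tuple

# Constructed sample firmware: binary padding with a few embedded strings.
SAMPLE_FIRMWARE = (
    b"\x7fELF\x02\x01\x01" + b"\x00" * 40
    + b"service_user=maint\x00"
    + b"\xde\xad\xbe\xef" * 8
    + b"admin_pw=Sup3rSecret!\x00"
    + b"\x00" * 16
    + b"api_token=3f9a1c7e2b8d4f60a1e5c9b7d2f4a6c8\x00"
    + b"\xff" * 32
    + b"Firmware v2.3.1 build 2017-03\x00"
    + b"connect_string=Server=db01;Uid=sa;Pwd=letmein\x00"
)

MIN_LEN = 6  # same idea as `strings -n 6`
STRING_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)

# key=value / key: value where the key ends in a credential-ish word (assumed list).
CRED_RE = re.compile(
    r"(?P<key>[\w.-]*?(?:pass(?:word|wd)?|pwd?|secret|token|api_?key|user(?:name)?|uid|login))"
    r"\s*[=:]\s*(?P<val>[^\s;,]+)",
    re.IGNORECASE,
)


def printable_strings(blob: bytes) -> Iterator[Tuple[int, str]]:
    """Yield (offset, text) for every printable-ASCII run, like `strings -t d`."""
    for m in STRING_RE.finditer(blob):
        yield m.start(), m.group().decode("ascii")


def shannon_entropy(s: str) -> float:
    """Bits per character; random tokens and keys score high, labels score low."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((s.count(c) / n) * math.log2(s.count(c) / n) for c in set(s))


def find_credentials(blob: bytes) -> List[dict]:
    """Return every credential-looking key/value pair with its byte offset."""
    findings = []
    for base, text in printable_strings(blob):
        for m in CRED_RE.finditer(text):
            value = m.group("val")
            ent = shannon_entropy(value)
            findings.append({
                "offset": base + m.start(),
                "key": m.group("key"),
                "value": value,
                "entropy": round(ent, 2),
                # long, high-entropy values look like keys/tokens rather than labels
                "high_entropy": len(value) >= 16 and ent > 3.0,
            })
    return findings


if __name__ == "__main__":
    for f in find_credentials(SAMPLE_FIRMWARE):
        flag = " [high-entropy token]" if f["high_entropy"] else ""
        print(f"0x{f['offset']:06x} {f['key']}={f['value']} (H={f['entropy']}){flag}")
```

On a real image you would run this over each filesystem partition after unpacking, and follow every hit back to the binary that reads it, since a hard-coded value is only a finding once you know what it unlocks.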

After this talk it is obvious that the cybersecurity of the medical sector is itself a clinical case in need of intensive care.


3. A toothy exploit on the tip of the contextual advertising skewer

Tyler Cook. False Advertising: How Modern Ad Platforms Can Be Used for Targeted Exploitation // ToorCon. 2017.

Every day millions of people use social networks: for work, for entertainment, or just because. Under the hood of every social network sit ad platforms, invisible to the average visitor, responsible for delivering relevant contextual advertising. Ad platforms are easy to use and very effective, which is why advertisers are so fond of them.

Besides reaching a wide audience, which is what businesses value, ad platforms also let you narrow targeting down to one specific person. Moreover, modern ad platforms even let you choose which of that person's many gadgets the ad is shown on.

Thus modern ad platforms let an advertiser reach any person anywhere in the world. But the same capability can be used by attackers as an entry point into the network in which the intended victim operates. The speaker demonstrates how a malicious advertiser can use an ad platform to precisely aim a phishing campaign that delivers a personalized exploit to one specific person.

4. How real hackers dodge targeted ads

Weston Hecker. Opt Out or Deauth Trying !- Anti-Tracking Bots Radios and Keystroke Injection // DEF CON. 2017.

We use a great many computerized services in our daily lives, and it is hard to give them up even when we suddenly learn that they are carrying out total surveillance of us: so total that they track our every body movement and every press of a finger.

The speaker explains clearly how modern marketers use a wide variety of esoteric targeting methods. We recently wrote about mobile paranoia and total surveillance, and many readers took it for a harmless joke; this talk makes clear that modern marketers already use such technologies to the fullest to track us.

The contextual advertising industry that fuels this surveillance is advancing by leaps and bounds, to the point that modern ad platforms track not only a person's network activity (keystrokes, mouse movements and so on) but also physiological characteristics: how we press the keys and move the mouse. Thus the tracking tools built into the services we cannot imagine life without crawl not just under our underwear but under our skin. If we cannot switch these overly observant services off, why not at least bombard them with useless information?

The talk demonstrates the author's device (a software and hardware bot) that can: 1) inject Bluetooth beacons; 2) add noise to the data collected from a vehicle's on-board sensors; 3) falsify a mobile phone's identification parameters; 4) add noise to the way fingers press keys (on keyboard, mouse and touchscreen). All of this information is known to be used to target ads on mobile gadgets.

The demonstration shows that once the author's device is switched on, the tracking system goes haywire: the information it collects becomes so noisy and inaccurate that it is no longer of any use to our observers. As a good joke, the speaker shows how, thanks to the device, the "tracking system" starts to perceive a 32-year-old hacker as a 12-year-old girl who is madly in love with horses.
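To make the keystroke part concrete, here is an added example (not the speaker's device or code) of how a behavioural-biometric identifier profiles a typist and what it takes to fool it. The two typing profiles, the natural variability, the nearest-profile matcher and the noise parameters are all constructed assumptions for this demonstration. It shows two things the paragraph above does not: adding zero-mean jitter to your own rhythm barely helps against a matcher that compares mean intervals, whereas a bot that buffers the keys and replays them at its own independent cadence drives attribution down to chance.

```python
"""Keystroke-dynamics profiling, and two ways of trying to defeat it.

Added example, not the speaker's device or code. Everything here is
constructed: two synthetic typing profiles for one fixed phrase, a
nearest-profile identifier of the kind behavioural-biometric trackers use,
and two countermeasures: zero-mean jitter added to the real rhythm, and a
bot that buffers keystrokes and replays them at its own random cadence.
"""
import random
from typing import Callable, Dict, List, Sequence

# Constructed: mean inter-key intervals (ms) for one fixed phrase, per user.
PROFILES: Dict[str, List[float]] = {
    "alice": [120, 95, 140, 110, 130, 100, 150, 90, 125, 105],
    "bob":   [150, 130, 100, 140, 90, 135, 110, 125, 160, 85],
}
NATURAL_SIGMA_MS = 8.0  # assumed natural keystroke-to-keystroke variability

Transform = Callable[[List[float], random.Random], List[float]]


def type_phrase(user: str, rng: random.Random) -> List[float]:
    """One typing of the phrase by `user`, with natural Gaussian jitter."""
    return [max(1.0, rng.gauss(mean, NATURAL_SIGMA_MS)) for mean in PROFILES[user]]


def identify(sample: Sequence[float]) -> str:
    """Tracker side: nearest enrolled profile by mean squared interval error."""
    def mse(profile: Sequence[float]) -> float:
        return sum((s - p) ** 2 for s, p in zip(sample, profile)) / len(profile)
    return min(PROFILES, key=lambda user: mse(PROFILES[user]))


def passthrough(sample: List[float], rng: random.Random) -> List[float]:
    """No countermeasure: the tracker sees the real rhythm."""
    return list(sample)


def add_jitter(sample: List[float], rng: random.Random, spread_ms: float = 50.0) -> List[float]:
    """Countermeasure 1: delay each keystroke by a random zero-mean amount.
    The mean rhythm survives, so a matcher that averages still wins."""
    return [max(1.0, s + rng.uniform(-spread_ms, spread_ms)) for s in sample]


def retime(sample: List[float], rng: random.Random, lo_ms: float = 60.0, hi_ms: float = 200.0) -> List[float]:
    """Countermeasure 2: a bot buffers the keys and replays them at its own
    cadence, independent of how the human typed. The real rhythm is gone."""
    return [rng.uniform(lo_ms, hi_ms) for _ in sample]


def attribution_rate(user: str, transform: Transform, trials: int = 200, seed: int = 1337) -> float:
    """Fraction of `user`'s typings the tracker still attributes to `user`
    after `transform` is applied on the way out."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        observed = transform(type_phrase(user, rng), rng)
        hits += identify(observed) == user
    return hits / trials


if __name__ == "__main__":
    for name, transform in [("raw rhythm", passthrough), ("50 ms jitter", add_jitter), ("bot re-timing", retime)]:
        rate = attribution_rate("alice", transform)
        print(f"{name:14s} alice still identified in {rate:.0%} of typings")
```

Run it directly to print the three attribution rates. The general lesson is that noise has to replace the signal rather than sit on top of it: averaging over enough keystrokes removes zero-mean jitter, but nothing recovers a rhythm that never left the machine.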


5. 20 years of MMORPG hacking: better graphics, same exploits

Twenty Years of MMORPG Hacking: Better Graphics, Same Exploits // DEF CON. 2017.

MMORPG hacking has been discussed at DEF CON for over 20 years. In honour of the anniversary, the speaker recounts the most significant moments from those discussions, and then his own adventures in cheating in online games, starting with Ultima Online (in 1997) and continuing over the years with Dark Age of Camelot, Anarchy Online, Asheron's Call 2, ShadowBane, Lineage II, Final Fantasy XI/XIV and World of Warcraft, including a few recent titles: Guild Wars 2 and Elder Scrolls Online. And that is not the speaker's whole track record!

The talk gives technical details on building exploits for MMORPGs that let you get hold of virtual money, and which apply to almost every MMORPG. The speaker briefly covers the eternal confrontation between the poachers (exploit makers) and the game wardens (anti-cheat), and the current technical state of this arms race.

He explains his packet analysis technique in detail, and how to tune exploits so that the cheating is not detected server-side, and presents his latest exploit, which at the time of the talk still had the upper hand over the wardens in the arms race.

6. Hack the robots before Skynet arrives

Lucas Apa. Hacking Robots before Skynet // ROOTCON. 2017.

Robots are all the rage these days. In the near future they will be everywhere: on military missions, in surgical operations, building skyscrapers; as shop assistants, hospital attendants, business assistants, sexual partners, home cooks and full members of the family.

As the robot ecosystem expands and robots' influence on our society and economy skyrockets, they begin to pose a significant threat to people, animals and businesses. At their core robots are computers with arms, legs and wheels; and given the current realities of cybersecurity, they are vulnerable computers with arms, legs and wheels.

Software and hardware vulnerabilities in modern robots let an attacker use the robot's physical capabilities to cause property or financial damage, or even to endanger human life, accidentally or intentionally. The potential threats to everything in a robot's vicinity grow exponentially over time, and they grow in contexts the established computer security industry has never seen before.

In his recent research the speaker found many critical vulnerabilities in home, enterprise and industrial robots from well-known manufacturers. In the talk he reveals the technical details of current threats and explains exactly how attackers can compromise the various components of the robot ecosystem, with demonstrations of working exploits.

Among the problems the speaker found in the robot ecosystem: 1) insecure communications; 2) memory corruption; 3) vulnerabilities allowing remote code execution (RCE); 4) the possibility of tampering with file system integrity; 5) authorization problems, and in some cases no authorization at all; 6) weak cryptography; 7) firmware update problems; 8) privacy issues; 9) undocumented features (also vulnerable to RCE and the like); 10) weak default configurations; 11) vulnerable open-source robot control frameworks and software libraries.

The speaker gives live demonstrations of a variety of attack scenarios involving cyber espionage, insider threats, property damage and more. Describing realistic scenarios that can be observed in the wild, he explains how the insecurity of modern robot technology leads to compromise, and why hacked robots are more dangerous than any other compromised technology.

The speaker also draws attention to the fact that raw research projects go into production before their security issues are resolved. Marketing always wins. We urgently need to correct this unhealthy state of affairs, before Skynet arrives. Although... the next talk suggests Skynet has already arrived.


7. The weaponization of machine learning

Dan Petro, Ben Morris. Weaponizing Machine Learning: Humanity Was Overrated Anyway // DEF CON. 2017.

At the risk of being branded mad scientists, the speakers are still fond of their "brand new creation of the devil", proudly introducing DeepHack: an open-source hacker AI. This bot is a self-learning web application cracker based on a neural network trained by trial and error. At the same time, DeepHack treats the possible consequences of these trials and errors for humans with frightening disdain.

Using a single general-purpose algorithm, it learns to exploit various types of vulnerabilities. DeepHack opens the door to the realm of hacker AI, of which many representatives can be expected in the near future. In this regard the speakers proudly characterize their bot as the "beginning of the end".

The speakers believe that the AI-based hacking tools that will soon follow DeepHack are a fundamentally new technology that both defenders and attackers have yet to adopt. They guarantee that within a year each of us will either be writing machine learning hacking tools ourselves or desperately trying to defend against them. There is no third option.

Also, whether jokingly or seriously, the speakers state: "No longer the prerogative of diabolical geniuses, the inevitable dystopia of AI is already available to everyone today. So join us as we show you how you can participate in the destruction of humanity by creating your own weaponized machine learning system. Unless, of course, visitors from the future stop us."


8. Total Recall: implanting passwords into cognitive memory

Tess Schrodinger. Total Recall: Implanting Passwords in Cognitive Memory // DEF CON. 2017.

What is cognitive memory? How can a password be "implanted" there? Is it safe at all? And why bother? The idea is that with this approach you cannot give up your passwords even under duress, while still being able to authenticate to the system.

The talk begins with an explanation of what cognitive memory is, then explains the difference between explicit and implicit memory, then discusses the concepts of the conscious and the unconscious, and what this entity called consciousness actually is. It describes how our memory encodes, stores and retrieves information, the limitations of human memory, and how memory is trained. The talk ends with an account of current research on human cognitive memory in the context of implanting passwords into it.

The speaker, of course, did not take the ambitious statement in the title to a complete solution, but cited several interesting studies on the outskirts of the problem. In particular: research at Stanford University on the same topic; a project to develop a brain-connected human-machine interface for the visually impaired; a study by German scientists who managed to make an algorithmic connection between the brain's electrical signals and verbal phrases, so that their device lets you type text just by thinking it; and the neurophone, an interface between the brain and a mobile phone via a wireless EEG headset (Dartmouth College, USA).

As noted, the speaker did not bring the ambitious statement in the title to a complete solution. However, the speaker notes that although there is no technology for implanting a password into cognitive memory yet, there is already malware that tries to extract one from there.


9. And the kid asked: "Do you really think only government hackers can carry out cyber-attacks on the power grid?"

Anastasis Keliris. And then the Script-Kiddie Said Let There Be No Light. Are Cyber-Attacks On the Power Grid Limited To Nation-State Actors? // Black Hat. 2017.

An uninterrupted electricity supply is of paramount importance in our daily lives. Our dependence on it becomes especially evident when it is cut off, even briefly. It is generally accepted today that cyber-attacks on the power grid are extremely complex and within reach only of government hackers.

The speaker challenges this received opinion and gives a detailed description of an attack on the power grid whose cost is affordable even for non-government hackers. He demonstrates what information gathered from the Internet is useful for modelling and analysing the target power grid, and explains how that information can be used to simulate attacks on power grids around the world.

The talk also demonstrates a critical vulnerability the speaker discovered in General Electric Multilin products, which are widely used in the energy sector. He describes how he completely broke the encryption algorithm used in these systems. The algorithm is used in GE Multilin products to secure communication between internal subsystems and to control those subsystems, including authorizing users and granting access to privileged operations.

Having recovered the access codes (by breaking the encryption algorithm), an attacker can completely disable the device, cut off electricity in selected sectors of the power grid, and lock out operators. The speaker also demonstrates a technique for remotely reading the digital traces left by equipment that is vulnerable to such attacks.

10. The internet already knows I'm pregnant

Cooper Quintin. The Internet Already Knows I'm Pregnant // DEF CON. 2017.

Women's health is big business. There is a huge number of Android apps on the market that help women track their monthly cycle, know when they are most likely to conceive, or follow their pregnancy. These apps encourage women to record the most intimate details of their lives: mood, sexual activity, physical activity, physical symptoms, height, weight and more.

But how private are these apps, and how secure? If an app stores such intimate details of our personal lives, it had better not share that data with anyone else: for example, with a friendly company (engaged in targeted advertising and so on), or with a malicious partner or parent.

The speaker presents the results of his security analysis of more than a dozen fertility-prediction and pregnancy-tracking apps. He found that most of them have serious problems with security in general and privacy in particular.


Source: habr.com
