A view from Japan: Russian traffic anomalies, ARM TrustZone bugs, smartphone hacking via NFC - what happened at PacSec

    PacSec, one of the best-known information security conferences in Japan, was held on November 12 and 13 in Tokyo. The conference was held for the 12th time, together with AVTOKYO, a less formal hacker party with the international slogan “No drink, no hack”.

    By Western standards, PacSec is small: this year it attracted fewer than 200 people, which is hard to compare with the attendance of PHDays IV, where 2500 participated. Paying tribute to “New Rose Hotel” by William Gibson, the forefather of cyberpunk, Positive Technologies reporters could not resist and tried out a capsule hotel.


    The conference featured star speakers with already well-known talks: Karsten Nohl presented “Bad USB - On Accessories that Turn Evil”, and Brian Gorenc and Matt Molinyawe from HP presented the study “Blowing up the Celly - Building Your Own SMS/MMS Fuzzer”.


    Yuriko, one of the organizers of the PacSec 2014 conference in a cap with the logo of the SCADA Strangelove team

    Among the new research, the first thing worth noting is the presentation on detecting anomalous announcements in BGP, one of the fundamental Internet services (“Detecting BGP Hijacks in 2014”), prepared by Guillaume Valadon and Nicolas Vivet. This topic is relevant in light of the errors that redirected Russian traffic abroad and the initiatives of the Ministry of Communications to increase the stability of the Runet.

    We also note the report on vulnerabilities in ARM TrustZone, one of the security technologies built into common mobile platforms. It is quality work that revealed many memory management errors that put Android, BlackBerry, and Windows Phone systems at risk. It is a little strange to see memcpy without a buffer check in 2014, but it is a fact. The research is called “An Infestation of Dragons: Exploring Vulnerabilities in the ARM TrustZone Architecture”, by Josh “m0nk” Thomas, Charles Holmes, Nathan Keltner and Atredis Partners.

    Asian researchers attending the conference focused on malware: Yosuke Chubachi and Kenji Aiko presented “TENTACLE: Environment-Sensitive Malware Palpation”, and Wenjun Hu, from the main research center of intelligent networks and network security at Xi'an University, spoke about dynamic analysis of Android applications (“Hey, we catch you - dynamic analysis of Android applications”).

    Harri Hursti and Margaret MacAlpine talked about the weaknesses of the Estonian ID card system and of Estonia's electronic government, which are especially relevant, in their opinion, in connection with massive cyber attacks on the electoral system of Ukraine. Judging by the surprised faces of the listeners, few people were left indifferent. This is a reminder that when creating an e-government system, you need to think decades ahead, because "putting patches" on an electronic passport is not so simple.

    Georgi Geshev of MWR InfoSecurity, in his talk “Message Queue (MQ) Vulnerabilities”, thanked Timur Yunusov and Alexei Osipov from Positive Technologies for a number of studies, including the XXE OOB technique presented at Black Hat Europe in spring 2013.


    As it turned out later, Georgi has Bulgarian roots, played CTF for the MSU team and believes that his ability to understand Russian forums and talks is an important advantage among his British colleagues.

    Interestingly, PacSec is run by the same people who organize the famous Canadian CanSecWest, known for its Pwn2Own contest. It is not surprising that a similar contest is held at the conference in Tokyo: Mobile Pwn2Own, now in its third year. Contestants competing for a very solid prize pool must demonstrate hacking techniques for mobile devices. Of particular interest was the category in which attacks were carried out through NFC. Using this contactless technology, the Samsung Galaxy S5 and Google Nexus 5 were hacked (the Apple iPhone 5s was hacked via the Safari browser). A similar pwn contest took place at PHDays IV, but for SCADA systems, and it also brought a good result: more than ten new vulnerabilities in products such as Schneider Electric, Indusoft Web Studio 7.1, ICP DAS RTU PET-7000, Siemens Simatic S7-1200 PLC.


    Positive Technologies experts also spoke at the conference in Tokyo. Sergey Gordeychik and Alexander Zaitsev showed how you can make calls from someone else’s number using special SMS messages, gain access to the self-service portal, intercept 4G traffic and even install a bootkit on the computer to which the USB modem is connected (details here).

    A separate Habr topic will soon be devoted to the study “Root via SMS: 4G Access Level Security Assessment”.
