First reports on PHDays: video conference interception, new version of GhostTunnel, attacks on Java Card

    It’s a hot time for our program committee - applications for participation in Positive Hack Days are in full swing. Those wishing to make a presentation have only a couple of weeks left to submit applications: Call for Papers will close on March 31. Recently, we announced the keynote speaker, PHDays 9, and he will become the famous researcher of GSM network security Karsten Nohl. And today we will introduce the first group of speakers whose speeches are already included in the main program of the forum.

    image

    For the first time, an information security researcher at ElevenPaths, Yamila Vanesa Levalle, will participate in PHDays . Her talk will focus on two open source Python tools that automate attacks on the Cisco Meeting Server video conferencing platform (CMS).

    Many companies use CMS to conduct multilateral video and audio conferences to discuss important corporate issues. It allows users to connect through various clients or through WebRTC and a browser. Despite all the advantages, the platform is fraught with a potential threat. CMS tests revealed the possibility of remotely and without authentication to get the name of the conference, its ID, video address and access code. By the way, CMS was talked about insecurity back in 2016: then Cisco patched a critically dangerous vulnerability that allowed attackers to log in as another user.

    At PHDays, Yamila Vanesa Levalle, using two tools as an example, will demonstrate how an attacker can determine the URL of the CMS used, access the conference and even record the conference using a browser.

    image

    Another speaker at the forum is Yongtao Wang , 360 Technology Senior Security Expert , specializing in penetration testing and security research on wireless networks. He will talk about GhostTunnel - a hidden data transfer tool that bypasses security tools that can be used in isolated environments. PHDays students will learn about the new version of GhostTunnel for servers and Windows (implemented in C / C ++), which was developed several months ago. Thanks to the use of Bluetooth, the tool allows you to create multiple tunnels between the client and server at the same time.

    image

    Security analyst at Dutch company Riscure Sergey Volokitin will speak at the PHDays stand for the third time. Sergey is involved in evaluating the security of embedded systems and testing the security of smart cards, TEE-based solutions and secure devices. At PHDays 7 he talkedabout attacks on secure containers of smart cards based on Java that allow an attacker to steal cryptographic keys and PIN codes of other applets installed on the card. This year, Sergey will share a new attack method that can bypass application isolation implemented in modern smart cards, as well as the security mechanisms provided by the Java Card platform. In addition, other attacks aimed at revealing critical data will be demonstrated and solutions proposed to prevent them.

    PHDays 9 will be held May 21-22, 2019. A full list of speeches will be published on the forum website in April. For more information on topics and rules for participation, see the Call for Papers page .

    Also popular now: