“Bad Valet is the new Evil Maid” –Joanna Rutkowska
“A PoC that the USB port is an attack surface for a Mazda car’s infotainment system and how Mazda hacks are made.”
Welcome to Travel 2.0, where all devices must now be handed over for a potential Evil Maid attack by the TSA equivalent of every government you visit, starting with the US. 😦
For those who need Evil Maid skills, take note: Joe FitzPatrick has added a BIOS mod lab to his Black Hat training on x86 physical attacks.
Applied Physical Attacks on x86 Systems
Joe FitzPatrick, SecuringHardware.com
July 30-August 2
This course introduces and explores attacks on several different, relatively accessible interfaces on x86 systems. Attendees will get hands-on experience implementing and deploying a number of low-cost hardware devices to enable access, privilege, and deception that is in some cases imperceptible from software. The course has several modules: USB, SPI/BIOS, I2C/SMBus, PCIe, and JTAG. Each begins with an architectural overview of an interface, followed by a series of labs for hands-on practice understanding, observing, interacting with, and exploiting the interface, finishing with either a potentially exploitable crash or a root shell.
Most news sites are reporting on weak security in Western Digital self-encrypting hard drives. The research was presented at Hardware.io the other week and posted to the Full Disclosure mailing list a few days ago; excerpt below:
Authors: Gunnar Alendal, Christian Kison, modg
Vendor notification: The vendor has been informed of the research.
Patches: The authors are not aware of any fixes.
Research on Western Digital's wide-spread self-encrypting hard drive series “My Passport” / “My Book”. Devices researched utilize mandatory HW AES encryption. Multiple vulnerabilities, including:
* Multiple authentication backdoors, bypassing password authentication
* AES factory key recovery attacks, exposing user data on all affected devices, regardless of user password
* Exposure of HW PRNGs used in cryptographic contexts
* Unauthorized patching of FW, facilitating badUSB/evil-maid attacks
Architectures researched (USB Bridge Vendor – Chip model – Architecture):
JMicron – JMS538S – Intel 8051
Symwave – SW6316 – Motorola M68k
PLX – OXUF943SE – ARM7
Initio – INIC-1607E – Intel 8051
Initio – INIC-3608 – ARC 600
JMicron – JMS569 – Intel 8051
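The advisory above lists both exposure of HW PRNGs used in cryptographic contexts and factory key recovery "regardless of user password". The following is an added example of my own, not the authors' code and not the logic of any of the listed bridge chips, showing the general shape of that attack class: when the data encryption key (DEK) is produced by a low-entropy generator, an attacker who holds only ciphertext can enumerate the generator's seed space and recover the DEK, so the password (which typically only wraps the DEK) is never attacked at all. Everything in it is constructed for the demo: the LCG standing in for a weak hardware PRNG, a 16-bit seed space (a real 32-bit seed is searched the same way, just longer), an HMAC-SHA256 counter-mode keystream standing in for the drive's AES, and the sample sector whose first 11 bytes are the NTFS boot-sector crib.

```python
# Added example, not from the advisory or any Western Digital firmware: why a
# DEK produced by a weak, low-entropy PRNG can be recovered from ciphertext
# alone, so the user's password never has to be attacked.
import hashlib
import hmac
import struct

# Assumption for the demo: the only secret in the key generator is a 16-bit seed.
SEED_BITS = 16

# First 11 bytes of an NTFS boot sector: x86 jump + "NTFS    " OEM ID.
# Used as a known-plaintext crib at LBA 0.
NTFS_CRIB = b"\xeb\x52\x90NTFS    "
SAMPLE_SECTOR = NTFS_CRIB + b"\x00" * (512 - len(NTFS_CRIB))  # constructed sector


def weak_prng(seed, n_bytes):
    """Linear congruential generator standing in for a poorly designed HW PRNG.
    Its whole output is fixed by the seed, so the keyspace equals the seed space."""
    state = seed & 0xFFFFFFFF
    out = bytearray()
    while len(out) < n_bytes:
        state = (1103515245 * state + 12345) & 0xFFFFFFFF
        out += struct.pack("<I", state)
    return bytes(out[:n_bytes])


def factory_dek(seed):
    """'Factory' 256-bit DEK: 32 bytes straight from the weak PRNG."""
    return weak_prng(seed, 32)


def keystream(key, lba, n_bytes):
    """HMAC-SHA256 in counter mode, tweaked by LBA; a stand-in for the drive's
    AES sector encryption. Only the key-recovery logic matters for the demo."""
    nonce = struct.pack(">Q", lba)
    out = bytearray()
    ctr = 0
    while len(out) < n_bytes:
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:n_bytes])


def crypt_sector(dek, lba, data):
    """Encrypts or decrypts one sector (XOR with the keystream is its own inverse)."""
    return bytes(a ^ b for a, b in zip(data, keystream(dek, lba, len(data))))


def recover_seed(ciphertext_lba0, crib=NTFS_CRIB):
    """Brute-force the PRNG seed from the ciphertext of LBA 0 and the crib.
    No password, no key-encryption key and no firmware access is needed."""
    head = ciphertext_lba0[:len(crib)]
    for seed in range(1 << SEED_BITS):
        if crypt_sector(factory_dek(seed), 0, head) == crib:
            return seed
    return None


def recover_dek(ciphertext_lba0):
    """Full DEK for the drive, derived from the recovered seed (None if not found)."""
    seed = recover_seed(ciphertext_lba0)
    return None if seed is None else factory_dek(seed)


if __name__ == "__main__":
    secret_seed = 0xBEEF  # whatever the factory's generator happened to use
    sector0 = crypt_sector(factory_dek(secret_seed), 0, SAMPLE_SECTOR)
    dek = recover_dek(sector0)
    print("recovered seed:", hex(recover_seed(sector0)))
    print("DEK matches factory DEK:", dek == factory_dek(secret_seed))
    print("decrypted LBA 0 prefix:", crypt_sector(dek, 0, sector0)[:11])
```

The practical check this implies: a user password only adds security if the DEK it wraps has real entropy. If the DEK is a function of a small seed, a known-plaintext crib (boot sector, partition table signature, filesystem superblock) plus a seed search is all that is needed, and a firmware-level review of where the DEK actually comes from is worth more than any password-strength policy.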
Joanna Rutkowska is one of the speakers at “Next Generation Threats”, taking place in Stockholm, Sweden in September.
Trust as the no. 1 enemy of security: the client systems study
We are forced to trust a lot of things: that the files we receive or websites we visit are not going to exploit bugs in our (trusted) apps; that the (trusted) software we use has no backdoors built in or added by 3rd parties; that the (trusted) OS components are secure and can protect our data; that the underlying (trusted) firmware and hardware are not subverting security mechanisms implemented by our (trusted) Operating System. The more trust we are forced into, the less secure our digital lives are, of course. Trust is the #1 enemy of security. Is there anything we can do about it? What’s the smallest reasonable amount of trust we need in the case of a typical client (desktop) system today? Can trust be distributed?
Joanna Rutkowska is a founder of Invisible Things Lab and the Qubes OS project, which she has been leading since its inception in 2010. Prior to that she has been focusing on system-level offensive security research. Together with her team at ITL, she has presented numerous attacks on virtualization systems and Intel security technologies, including the famous series of exploits against the Intel Trusted Execution Technology (TXT), the still-only-one software attack demonstrating Intel VT-d escape, and also supervised her team with the pioneering research on breaking into the Intel vPro BIOS and AMT/MT technology. She is also known for writing Blue Pill, the first hardware virtualization-based rootkit, introducing Evil Maid attack, and for her prior work on kernel-mode malware for Windows and Linux in the first half of the 2000s.