Uncategorized

USB attack to Mazda cars: Bad Valet attack

“Bad Valet is the new Evil Maid” –Joanna Rutkowska

 

“A PoC that the USB port is an attack surface for a Mazda car’s infotainment system and how Mazda hacks are made.”

https://github.com/shipcod3/mazda_getInfo

 

Standard
Uncategorized

airline industry and device physical security

Welcome to Travel 2.0, where all devices are now required to go through a potential Evil Maid Attack by the TSA equivalent of government of each travel you visit, starting with the US. 😦

http://gizmodo.com/the-us-may-have-banned-electronics-on-middle-eastern-fl-1793457809

http://onemileatatime.boardingarea.com/2017/03/20/airplane-electronics-ban/

http://www.usatoday.com/story/travel/flights/todayinthesky/2017/03/20/airline-electronic-devices-prohibited-cabin/99417832/

http://www.marketwatch.com/story/most-electronic-devices-banned-on-certain-us-flights-from-middle-east-africa-2017-03-20

http://www.reuters.com/article/us-usa-airlines-electronics-idUSKBN16R2JN

 

Standard
Uncategorized

BIOS mod lab at upcoming SecuringHardware.com training

For those who need Evil Maid skills take note: Joe Fitzpatrick has added a BIOS mod lab to his Black Hat training on x86 physical attacks.

Applied Physical Attacks on x86 Systems
Joe FitzPatrick, SecuringHardware.com
July 30-August 2

This course introduces and explores attacks on several different relatively accessible interfaces on x86 systems. Attendees will get hands-on experience implementing and deploying a number of low-cost hardware devices to enable access, privilege, and deception which is in some cases imperceptible from software. The course has several modules: USB, SPI/BIOS, I2C/SMBus, PCIe, and JTAG. Each begins with an architectural overview of an interface, and follows with a series of labs for hands-on practice understanding, observing, interacting with, and exploiting the interface, finishing with either potentially exploitable crashes or directly to root shells.

https://www.blackhat.com/us-16/training/applied-physical-attacks-on-x86-systems.html

Standard
Uncategorized

Western Digital drives vulnerable: BadUSB, EvilMaid

Most news sites are reporting about bad security in Western Digital hard drives. As presented at Hardware.io the other week, and from the Full Disclosure mailing list from a few days ago, excerpt below:

Authors: Gunnar Alendal, Christian Kison, modg
Vendor notification: The vendor has been informed of the research.
Patches: The authors are not aware of any fixes.

Research on Western Digital wide-spread self-encrypting hard drive series “My Passport” / “My Book”. Devices researched utilizes mandatory HW AES encryption. Multiple vulnerabilities, including:
* Multiple authentication backdoors, bypassing password authentication
* AES factory key recovery attacks, exposing user data on all affected devices, regardless of user password
* Exposure of HW PRNGs used in cryptographic contexts
* Unauthorized patching of FW, facilitating badUSB/evil-maid attacks

Architectures researched (USB Bridge Vendor – Chip model – Architecture):
 JMicron – JMS538S – Intel 8051
 Symwave – SW6316 – Motorola M68k
 PLX – OXUF943SE – ARM7
 Initio – INIC-1607E – Intel 8051
 Initio – INIC-3608 – ARC 600
 JMicron – JMS569 – Intel 8051

https://eprint.iacr.org/2015/1002.pdf
http://hardwear.io/wp-content/uploads/2015/10/got-HW-crypto-slides_hardwear_gunnar-christian.pdf
http://seclists.org/fulldisclosure/2015/Oct/79

https://threatpost.com/academics-find-critical-flaws-in-self-encrypting-hardware-drives/115103/

http://www.theregister.co.uk/2015/10/20/western_digital_bad_hard_drive_encryption/

Standard
Uncategorized

Joanna Rutkowska to speak in Sweden next month

Joanna Rutkowska is one of the speakers at “Next Generation Threats“, taking place in Stockholm, Sweden in September.

Trust as the no. 1 enemy of security: the client systems study

We are forced to trust a lot of things: the files we receive or websites we visit, that they are not going to exploit bugs in our (trusted) apps, the (trusted) software we use has no backdoors built in or added by 3rd parties. Also that the (trusted) OS components are secure and can protect our data, that the underlying (trusted) firmware and hardware is not subverting security mechanisms implemented by our (trusted) Operating System. The more trust we are forced into, the less secure our digital lives are, of course. Trust is the #1 enemy of security. Is there anything we can do about it? What’s the smallest reasonable amount of trust we need in case of a typical client (desktop) system today? Can trust be distributed?

Bio:
Joanna Rutkowska is a founder of Invisible Things Lab and the Qubes OS project, which she has been leading since its inception in 2010. Prior to that she has been focusing on system-level offensive security research. Together with her team at ITL, she has presented numerous attacks on virtualization systems and Intel security technologies, including the famous series of exploits against the Intel Trusted Execution Technology (TXT), the still-only-one software attack demonstrating Intel VT-d escape, and also supervised her team with the pioneering research on breaking into the Intel vPro BIOS and AMT/MT technology. She is also known for writing Blue Pill, the first hardware virtualization-based rootkit, introducing Evil Maid attack, and for her prior work on kernel-mode malware for Windows and Linux in the first half of the 2000s.

http://techworld.event.idg.se/event/ngt15-sthlm/

Standard