Threat Research

Inside BlackHat Europe 2014

By Axelle Apvrille | October 29, 2014

The conference started with Adi Shamir's keynote. As it was covered at length by rootshell, I won't be discussing it in this post - apart from the fact that I was really happy to listen to such a brilliant mind as Adi Shamir. I also appreciated that his talk was more of a research / hacking talk than a generic keynote.

I will now give you my personal opinion on some of the best talks I attended. The white papers and slides are available on BlackHat's website.

Quantified Self - a path to self-enlightenment or just a security nightmare?

Candid Wuest

Pros: Security and privacy issues on wristbands, smart scales, etc. Refreshing talk on a topic we don't see that often yet at conferences. I am sure we will in the next few years ;)

Cons: This is more an introductory talk than a research talk. Apart from their Blueberry Pi (a Bluetooth scanning device on a Raspberry Pi), I didn't learn much 'new' stuff in there (but this is my field, so that also explains it). Mind you, it's an interesting recap nonetheless.

Attacking the Linux PRNG on Android: Weaknesses in Seeding of Entropic Pools and Low Boot-Time Entropy

Sagi Kedmi et al.

Pros: Interesting research work with a scientific contribution. At boot time, there is less entropy (because fewer devices are available to collect random data from). This weakens the PRNG, which can then be attacked and its state guessed. The slides explain a quite complicated matter well. By the way, even if it stressed the speaker, he can be honoured that Adi Shamir followed his talk and obviously found it interesting ;)

Cons: A real live demo (not a video) would have been appreciated.

Hide Android Applications in Images

That's my own talk - joint work with Ange Albertini. I'll however try to give a not too biased impression of it. Paper and slides are available on BlackHat's website.

Pros: Novel attack (and mitigations). People found the demo quite impressive; I even heard comments that it was quite 'elegant'. It was also appreciated that I did a live demo (not a recording).

Cons: Quick. It was a 20 minute talk; perhaps we should have applied for the 50 minute slot and gone slower. I didn't have much time to explain how to patch the issue (fortunately, the Android Security Team is taking care of it). I had the feeling that part of the audience got lost on how the attack is implemented and how we put the different file format and crypto tricks together. Attendees will probably have to read the paper (or sit back and take time to look at the slides once again).

Hacking the Wireless World with Software Defined Radio - 2.0

Balint Seeber

Pros: Tremendous work mapping detected radio signals onto 2D and 3D maps. It's impressive to see that the signals also reflect off electrical lines. I'm certain the audience also appreciated the demo of the locally available operator network - calling or sending SMS messages to each other in the room. As we already have an OpenBTS in our lab, this wasn't new to me, but I was interested to see they had made a lot of progress on it: there is no longer any need to have a host running Asterisk next to the USRP; everything is on their new hardware board, the USRP B210.

Cons: There were several slides with radio signals, noise etc. It certainly makes it look more ... scientific, but I didn't see the point of showing this. Finally, this talk is more a demonstration of what you can do with SDR than a research talk (its contribution is on the implementation, not in design / ideas).

Industrial Control Systems: Pentesting PLCs 101

Arnaud Soullie

Pros: Exercises on two real PLCs: a Schneider M340 and a Siemens S7-1200. I really liked that we could actually get our hands on the PLCs, not a video or an emulator. The lab exercises weren't too difficult, and the speaker provided plenty of handy tools I hadn't heard of (modbuspal, mbtget) and others I already knew about (plcscan, metasploit) but was nevertheless happy to use once more.

Cons: No real con, this was quite perfect! This was a workshop, so I didn't expect to hear about ICS 0-days or novel research.

The two presentations I attended in the arsenal were really interesting. They could have been promoted even more.

Arsenal: NFCult

Matteo Beccaro

Pros: Presents several attacks on MIFARE transport tickets. Whenever you stamp the ticket, a counter of remaining trips is decremented. There is also a zone which locks the ticket and prevents any future writes. One attack, for example, consists of setting that lock zone so that the counter of remaining trips can no longer be decremented. There are also attacks based on cloning the transport ticket - an attack that is difficult to counter. They implemented an Android application which demonstrates those attacks: you need an NFC-enabled smartphone and a ticket. I liked this presentation very much. It certainly had more scientific contribution than some other talks I attended.

Cons: Would have been great to be able to play with my own transportation ticket (Amsterdam railways).
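The locked-counter attack described above, as an added example that is not part of the original post or of NFCult: a simplified ticket model (the page layout, lock-bit encoding and field names are assumptions, not the real MIFARE memory map) with a naive validator beside a hardened one that refuses a ticket whose counter page can no longer be decremented.

```python
# Added example, not from the original post: a toy stored-value ticket with a
# one-time-programmable lock zone, and the validator check that detects a
# counter page which has been locked so it can never be decremented again.
# Page numbers and the lock-bit layout below are assumptions for illustration.
from dataclasses import dataclass, field

COUNTER_PAGE = 4   # assumed page holding the remaining-trips counter
LOCK_PAGE = 2      # assumed page holding the lock bits


class TicketLocked(Exception):
    """Raised when a write targets a locked page."""


@dataclass
class Ticket:
    pages: dict = field(default_factory=dict)

    def is_locked(self, page: int) -> bool:
        # Assumption: bit n of the lock page locks page n.
        return bool((self.pages.get(LOCK_PAGE, 0) >> page) & 1)

    def write(self, page: int, value: int) -> None:
        if self.is_locked(page):
            raise TicketLocked(f"page {page} is locked")
        self.pages[page] = value

    def lock(self, page: int) -> None:
        # Lock bits can only be set, never cleared (one-time programmable).
        self.pages[LOCK_PAGE] = self.pages.get(LOCK_PAGE, 0) | (1 << page)


def naive_validate(t: Ticket) -> bool:
    """Naive validator: grant the trip if trips remain, then try to decrement."""
    remaining = t.pages.get(COUNTER_PAGE, 0)
    if remaining <= 0:
        return False
    try:
        t.write(COUNTER_PAGE, remaining - 1)
    except TicketLocked:
        pass  # weakness: the failed write is ignored and the trip is granted
    return True


def strict_validate(t: Ticket) -> bool:
    """Hardened validator: a counter page that cannot be decremented is a
    tampered ticket, so reject before granting and verify the write."""
    remaining = t.pages.get(COUNTER_PAGE, 0)
    if remaining <= 0 or t.is_locked(COUNTER_PAGE):
        return False
    t.write(COUNTER_PAGE, remaining - 1)
    return t.pages[COUNTER_PAGE] == remaining - 1  # read back what was written
```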

Arsenal: NAFT Online

Didier Stevens

Pros: Presents NAFT, a toolkit for memory forensics on Cisco routers. Interesting and unusual topic. NAFT now goes online, and users can exercise on a remote lab. Actually, there were several workshops on this at ... that I was unfortunately unable to attend (too many interesting things at the same time!)

Cons: I'd like support for other network appliances, maybe one day?

-- the Crypto Girl
