This year again, I was happy to participate to Insomni'hack, in Geneva.
As in all other editions, questions at the end of my Symbian / Android talks had invariably been 'are there malware on iOS?', I decided it was time I specifically addressed the question. I think I made my point that malware for iOS do exist, even on non jailbroken phones, but they are rare. And the latest PawnStorm iOS malware we reversed (live during the talk ;) has something strange about it: partially works on stock iPhone but looks like it was implemented for jailbroken phones, targets military who'd be unlikely to have jailbroken phones etc.
My slides will be available soon in the FortiGuard's research paper section.
The keynote from the Swiss police was interesting. They stressed they were police investigators, so their job did not consist in spying citizens. Usually, they only get involved when after the crimes have been committed... They have forensic tools to deal with material they seized but also undercover operations.
I missed the talk of Nicolas Ruff (which was at the same time as mine ;) and the talk of Raoul Chiesa (just after mine), as I was discussing some issues with mobile phones with other folks, and then trying to reverse a firmware of another equipment ;) That's the 'networking' aspect of conferences, and Insomni'hack is filled with talented people it's good to speak with.
The talk of Chris Valasek on car hacking was great too. He explained how to do security research on cars without actually having to buy cars:
1. Buy the ECU(s) you want to experiment with
2. Get yourself mechanics diagram to understand how to wire everything
3. Simulate input/outputs for the ECU or it won't be working properly. Also it's possible to use Valasek and Miller's CAN bus.
4. Optionally assemble a mobile workbench
The talk was fun and the research is awesome. However, I don't think it totally eludes the need for a car: it would seem to me you need a car for some preliminar investagation at first, and then can use Valasek/Miller's workbench for further vulnerability testing. That's where it'll save money: when you can't afford to buy a new car after each crash ;)
Then, there was the talk of the captain and vice captain of DragonSector. They won Insomni'hack's CTF this year again. Congrats!
The talk showed some stuff on how to identify ROPs, how some improbable solutions finally actually do work etc. There was quite a lot of content, but often navigating between too precise or too vague. I would have been interested in simpler tricks (because enhanced tricks can't be covered by a two or three slides) or perhaps the methodology they use for CTF. I was however happy to follow a talk by such skilled reversers.
Finally, the conference ended by a talk of Bruno Kerouanton. If you haven't ever attended a talk of Bruno, you must, they are just extraordinary. This year, he presented his personal "lab" at home, how his data center evolved since 15 years. He showed plenty of tools he uses and obviously masters them. I'm just surprised he's using a Windows laptop (private joke). Last year's presentation, on finding hidden messages and easter eggs in DVDs was really awesome, if ever you find a video or slides of it.
That's all folks! The CTF will be covered in the next blog posts.
-- the Crypto Girl