Threat Research
This is the first conference where I have heard so much about hacking robots! Between yesterday and today, we've had:
Today's talks covered home & industrial robots. While robots are expected to have built-in safety to prevent them from harming humans or themselves, the speakers showed in several examples that security vulnerabilities could compromise that status:
Other vulnerabilities that affect robots:
References:
This talk demonstrated a tricky way to have MIPS code behave differently on a real physical device and on an emulator. Additionally, disassembly with standard disassemblers showed code that matched the behaviour of the emulator's version, confusing the developer or reverse engineer even more. This trick can be used as an anti-disassembly technique, or an anti-emulation technique.
It relies on two concepts:
The trick consists of using an extended instruction in the branch delay slot. The documentation says this should not be done as it causes "unpredictable results" but, in reality, if such a program is crafted intentionally, we see that emulators and disassemblers understand the code differently than physical hosts:
Hence, different behaviour is observed and can be used to detect the underlying architecture.
See PoC GTFO vol 15, article 9.
PoC GTFO is a highly technical journal, with absolutely amazing and innovative articles. While elite, this technique is likely to be used in obfuscators, anti-disassemblers, and CTF challenges.
There were several other interesting talks today, including the vulnerabilities of yacht navigation systems, but let's keep the blog post short and refer you to the TROOPERS webpage for more information.
-- the Crypto Girl
Sign up for our weekly FortiGuard intel briefs or to be a part of our open beta of Fortinet’s FortiGuard Threat Intelligence Service.