Archive for August 9th, 2018

DEFCON/Black Hat updates: round 2.

Thursday, August 9th, 2018

Another Ars story based on another Black Hat panel:

Life-saving pacemakers manufactured by Medtronic don’t rely on encryption to safeguard firmware updates, a failing that makes it possible for hackers to remotely install malicious wares that threaten patients’ lives, security researchers said Thursday.

The presentation in question is “Understanding and Exploiting Implanted Medical Devices” by Billy Rios and Jonathan Butts. No slides or white paper yet, so I don’t want to comment very much. But: I do also want to point out this article, “The $250 Biohack That’s Revolutionizing Life With Diabetes“. Why? Well…

The DIY pancreas movement would never have happened if not for a Medtronic blunder. In 2011 a pair of security researchers alerted the public that the wireless radio frequency links in some of the company’s best-selling insulin pumps had been left open to hackers. Medtronic closed the loophole after the researchers warned of risks to patients, but it never recalled the devices, leaving thousands in circulation.

Some additional interesting looking work:

  • “TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of Industrial Control Systems, Forever” by Andrea Carcano, Marina Krotofil, and Younes Dragoni. “In 2017, a sophisticated threat actor deployed the TRITON attack framework engineered to manipulate industrial safety systems at a critical infrastructure facility. This talk offers new insights into TRITON attack framework which became an unprecedented milestone in the history of cyber-warfare as it is the first publicly observed malware that specifically targets protection functions meant to safeguard human lives.” Slides. White paper.
  • There will be Glitches: Extracting and Analyzing Automotive Firmware Efficiently” by a whole bunch of people.
  • And it just wouldn’t be a security conference in 2018 without a Tesla attack: “Over-the-Air: How we Remotely Compromised the Gateway, BCM, and Autopilot ECUs of Tesla Cars” by Ling Liu, Sen Nie, Wenkai Zhang, and Yuefeng Du. White paper is at the link: slides are broken.

That’s all I’ve been able to turn up today. More tomorrow, I hope.

Posted in Cars, DEFCON, DEFCON 26 | Comments Closed

Black Hat 2018/DEFCON 26 0 day updates.

Thursday, August 9th, 2018

Some of yesterday’s Black Hat presentations:

Some others that I didn’t get to the first time around:

  • “Software Attacks on Hardware Wallets” by Alyssa Milburn and Sergei Volokitin. “…we show how software attacks can be used to break in the most protected part of the hardware wallet, the Secure Element, and how it can be exploited by an attacker.” Slides. White paper.
  • “Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers” with a whole big bunch of folks. “…we show that it is possible to recover the original leaked signal over large distances on the radio. As a result, variations of known side-channel analysis techniques can be applied, effectively allowing us to retrieve the encryption key by just listening on the air with a software defined radio (SDR).” Slides. White paper.

Ars Technica has a story up in advance of Justin Shattuck’s “Snooping on Cellular Gateways and Their Critical Role in ICS” presentation later today:

…many of the unsecured gateways were installed in police cars, ambulances, and other emergency vehicles. Not only were the devices openly broadcasting the locations of these first responders, but they were also exposing configurations that could be used to take control of the devices and, from there, possibly control dash cameras, in-vehicle computers, and other devices that relied on the wireless gateways for Internet connections.

There are a couple of other presentations from yesterday that sound interesting on second look, but the links to them are currently broken. Also, I haven’t had a chance to read through all of these yet: I did give a quick skim to “Stress and Hacking” and “Reversing a Japanese Wireless SD Card” and look forward to a more careful read of both.

I think I’m going to try to post a second update later this evening if the broken links are fixed and/or new content is available. We should also be getting close to the point where the DEFCON 26 media server has preliminary versions of the presentations up…

Edited to add: DEFCON 26 presentations are now live on the DEFCON media server.

Posted in DEFCON, DEFCON 26, Geek, Radio, WiFi | Comments Closed