The 28th Annual Chaos Communications Congress just wrapped things up on December 31st and they’ve already published recordings of all the talks at the event. These talks were live-streamed, but if you didn’t find time in your schedule to see all that you wanted, you’ll be happy to find your way to the YouTube collection of the event.

The topics span a surprising range. We were surprised to see a panel discussion on depression and suicide among geeks (hosted by [Mitch Altman]) which joins another panel called Queer Geeks, to address some social issues rather than just hardcore security tech. But there’s plenty of that as well with topics on cryptography, security within web applications, and also a segment on electronic currencies like Bitcoins.

There really is something for everyone and they’ve been thoughtful enough to include playlists for all talks, just the lightning talks, and lightning talks categorized by the day they occurred. Get those links from their YouTube channel description, or find them after the break.

28c3 Playlist Links:

• All Talks
• Lightning Talks (all)
• Lightning Talks Day 2
• Lightning Talks Day 3
• Lightning Talks Day 4

Want to listen in on cellphone calls or intercept test messages? Well that’s a violation of someone else’s privacy so shame on you! But there are black-hats who want to do just that and it may not be quite as difficult as you think. This article sums up a method of using prepaid cellphones and some decryption technology to quickly gain access to all the communications on a cellular handset. Slides for the talk given at the Chaos Communications Congress by [Karsten Nohl] and [Sylvain Munaut] are available now, but here’s the gist. They reflashed some cheap phones with custom firmware to gain access to all of the data coming over the network. By sending carefully crafted ghost messages the target user doesn’t get notified that a text has been received, but the phone is indeed communicating with the network. That traffic is used to sniff out a general location and eventually to grab the session key. That key can be used to siphon off all network communications and then decrypt them quickly by using a 1 TB rainbow table. Not an easy process, but it’s a much simpler method than we would have suspected.

[Thanks Rob]

Well it looks like the Play Station 3 is finally and definitively cracked. FailOverflow’s Chaos Communications Congress talk on console security revealed that, thanks to a flaw on Sony’s part, they were able to acquire the private keys for the PS3. These keys can be used to sign your own code, making it every bit as valid (to the machine anyway) as a disk licensed by the media giant. We’ve embedded the three-part video of the talk, which we watched in its entirety with delight. We especially enjoy their reasoning that Sony brought this upon themselves by pulling OtherOS support.

We remember seeing a talk years back about how the original Xbox security was hacked. We looked and looked but couldn’t dig up the link. If you know what we’re talking about, leave the goods with your comment.

[Thanks BoBeR182 via The Register]

A new open source package called Lightning Rod will help to close security exploits in Adobe’s dirty Flash code. A presentation made at the 26th Chaos Communication Congress showed that the package does its job by reviewing incoming code before the browser executes it. Heise Online is reporting that this method can block over 20 different known attacks and can even be used to filter out malicious JPG attacks. As more vulnerabilities are discovered they can be added to Lightning Rod to close the breach. This amounts to a virus scanner for Flash code. It’s great to have this type of protection but why can’t Adobe handle its security problems?

[Photo Credit]

[Thanks das_coach]

After running a successful hacker convention for ten solid years, the people who brought you ToorCon are planning a new event to shake up the US hacker scene. ToorCamp will be held July 2nd-5th, 2009 at a former missile silo in central Washington state. Hackers will camp on-site for two days of talks followed by two days of workshops. Art and music events are planned for every night. Camps like this are already help biannually in Europe: What the Hack in 2005, Chaos Communication Camp 2007, and Hacking at Random 2009, coming this fall. The complex is one of three Titan 1 missile complexes in the Moses Lake area. The sites were in operation less than three years between 1962 and 1965. The former missile command center has been converted to a secure data center run by Titan I, LLC. ToorCamp promises to be a very unique experience and we’re looking forward to attend this and future years.

Zero Day has an interview with German researchers who have found a way to take down the Storm Worm botnet. Their program, Stormfucker, takes advantage of flaws in Storm’s command network: Nodes that are NAT‘d only use a four-byte XOR challenge. Nodes that aren’t NAT’d are only using a trivial 64bit RSA signature. Their solution can clean infected machines and also distribute to other nodes. Unfortunately, installing software without the user’s consent is the exact same behavior as malware. Don’t expect to see this in any sort of widespread use. The researchers did point out that some ISPs have moved to shutting off service for infected customers until their machines are cleaned.

[Tobias Engel] released a serious Nokia vulnerability today. By using a specially crafted SMS message, you can block the recipient from getting any future SMS messages. The attacker changes their Protocol Identifier to “Internet Electronic Mail” and then uses any email address 32 characters or more in their message. The recipient will receive no indication that they got the message and no other messages will be allowed until the phone is factory reset. You can see a demo video here. This affects many different varieties of S60 phones and no fix is known.

[Thanks fh]

A team of security researchers and academics has broken a core piece of internet technology. They made their work public at the 25th Chaos Communication Congress in Berlin today. The team was able to create a rogue certificate authority and use it to issue valid SSL certificates for any site they want. The user would have no indication that their HTTPS connection was being monitored/modified.

This attack is possible because of a flaw in MD5. MD5 is a hashing algorithm; each unique file has a unique hash. In 2004, a team of Chinese researchers demonstrated creating two different files that had the same MD5 hash. In 2007, another team showed theoretical attacks that took advantage of these collisions. The team focused on SSL certificates signed with MD5 for their exploit.

The first step was doing some broad scans to see what certificate authorities (CA) were issuing MD5 signed certs. They collected 30K certs from Firefox trusted CAs. 9K of them were MD5 signed. 97% of those came from RapidSSL.

Having selected their target, the team needed to generate their rogue certificate to transfer the signature to. They employed the processing power of 200 Playstation 3s to get the job done. For this task, it’s the equivalent of 8000 standard CPU cores or $20K of Amazon EC2 time. The task takes ~1-2 days to calculate. The tricky part was knowing the content of the certificate that would be issued by RapidSSL. They needed to predict two variables: the serial number and the timestamp. RapidSSL’s serial numbers were all sequential. From testing, they knew that RapidSSL would always sign six seconds after the order was acknowledged. Knowing these two facts they were able to generate a certificate in advance and then purchase the exact certificate they wanted. They’d purchase certificates to advance the serial number and then buy on the exact time they calculated.

The cert was issued to their particular domain, but since they controlled the content, they changed the flags to make themselves an intermediate certificate authority. That gave them authority to issue any certificate they wanted. All of these ‘valid’ certs were signed using SHA-1.

If you set your clock back to before August 2004, you can try out their live demo site. This time is just a security measure for the example and this would work identically with a certificate that hasn’t expired. There’s a project site and a much more detailed writeup than this.

To fix this vulnerability, all CAs are now using SHA-1 for signing and Microsoft and Firefox will be blacklisting the team’s rogue CA in their browser products.

While we had been excited about 25C3′s CTF competition, we couldn’t even venture a guess as to who would win. It seems the iphone-dev team weren’t satisfied to just give an amazing talk. They teamed up with the Wii hackers from HackMii to win the competition. You can see their progress during the eight hour competition above in red. It’s impressive to see hardware hackers jumping over to network security AND completely killing at it.

As promised in their yellowsnow demo, [pytey], [MuscleNerd], and [planetbeing] from the iphone-dev team presented at 25C3 on their work Hacking the iPhone. The team originally formed in 2007 and this is the most comprehensive presentation on how the iPhone was compromised to date. You can find the full talk embedded above.

They opened with a few stats about how popular their software is. Our favorite by far is that at least 180 people with Apple corporate IPs update their phones using the dev-team’s software on a regular basis. From there the talk was split into two sections: jailbreaking the S5L application processor and unlocking the S-Gold baseband processor.

The phone relies on a chain of trust to guarantee that only Apple’s code is being run on it. All of userland is signature checked by the kernel. The kernel is checked when loaded by iboot. The iboot image is checked when loaded by LLB. LLB is loaded from the NOR by the lowest piece of code, the bootrom. That’s where things fall apart; the bootrom does not check the signature of the LLB. To take advantage of this, the team found what they describe as a classic stack buffer overflow in DFU mode. DFU is Device Firmware Upgrade mode, a state that the phone can be forced into after the bootrom loads. Their exploit forces the certificate check to return ‘true’. They are then able to patch all of the subsequent signature checks out of the phone’s system.

The baseband processor proved to be much more difficult simply because it doesn’t have any sort of recovery mode; bricking a phone was always a possibility. The S-Gold is a complete system-on-chip and has a unique ID on each phone. The NOR also has a unique ID on each phone. These two IDs are used to sign the secpack, which in turn enforces the SIM carrier lock. These unique IDs are why you can’t just take an officially unlocked phone and copy the secpack off of it to unlock another phone. Everything else is identical: the firmware, the baseband, the bootroom are all the same. On the second generation iPhone, the bootrom checks the bootloader. The bootloader then verifies the bootrom before checking and then loading the firmware. The firmware enforces the carrier lock. The team decided that it wasn’t worth attempting to break the chain of trust. The SIM unlock code they developed is divided into two sections. The first part is the actual software unlock. They patch the firmware while it’s running in RAM. Their patch modifies the firmware’s decision tree about whether to enforce the carrier lock. The second half is the exploit that allows them to inject the code. The team knows that Apple can and probably will patch the exploit hole, but their RAM patching code will always work, so it’s just a matter of finding another hole to apply it through. In order to do a permanent unlock solution (like on the first generation iPhone), they’d need to analyze the actual bootrom code.

The team mentioned several things Apple did that actually helped them in their efforts. Security was gradually rolled out, so they were able to look at things that would eventually be hidden. The firmware was initially unencrypted. Earlier versions trusted iTunes, something they could easily modify. All userland apps originally ran as root meaning any application exploit gave root level access.

The iphone-dev team has truly put in a tremendous amount of effort and we look forward to the yellowsn0w release on New Year’s Eve.

[Florian] and [Xavier Carcelle] started the day at 25C3 by covering power line communication. PLC technology is not widespread in the US, but has gained popularity in countries like France where it’s included in set-top boxes. PLC lets you create a local network using the AC wires in your wall. The team started exploring PLC because despite being newer technology, it had a few principles that made it similar to old networks. There’s no segmentation in the wiring, which means it behaves like a layer 2 hub. You get to see all of the traffic unlike a switched network. Most power meters don’t filter out the signal, so it’s possible that you might see your next-door neighbor’s traffic on your line. [Florian] reports having seen all the traffic in a six-story building just by plugging in. The wiring also acts as a large antenna so you could employ tempest attacks.

The technology involved is certainly interesting, but they found a lack of tools to work with it. They wrote FAIFA to fill this gap. It’s currently a command line tool for probing and configuring Intellon-based PLC devices (Intellon is the majority chip supplier for PLC). You can query devices and it even has a sniffer mode. Sniffing may not seem interesting since devices that support the HomePlug AV standard use encryption, but they’re all shipping from the factory with the same default key. In the future, they hope to build their own open source FPGA based PLC device to take even more control of the system.

[Kai Kunze] from the Embedded Systems Lab at Passau came to 25C3 to talk about Cyborgs and Gargoyles: State of the Art in Wearable Computing. There have been a lot of homebrew wearable computing solutions, but [Kai] covered specifically projects that could see everyday use in the real world.

The first was a prototype system they built for use in hospitals. The doctor wore a belt buckle sized linux computer under his coat which was attached to an RFID reader on his wrist. He would read the patients RFID wrist band, which would display their chart on the screen. He could then scroll and select using a capacitive sensor built into the coat. Notes could be taken using a bluetooth headset. The system kept the doctor’s hands free for examining the patient while still providing as much information as possible. They actually ran this system for 30 days in a hospital.

The next example was a joint project with the car manufacturer Skoda. Quality assurance (QA) testing can be a long process with many more steps than assembly operations. The team attached sensors to the worker to determine where the worker was in relation to the car and to get direct measurement of the object being tested. The use of wearable technology meant they got more data than they normally would with standard QA testing and they could quickly prompt the worker if they missed a step.

[Kai] identified a couple projects that would make developing your own system much quicker. Context Recognition Network Toolbox helps you identify what actions are being performed. They’ve used it to build systems like an automated kung-fu trainer that can recognize poses. There’s also a context logger app for the iPhone that can be trained using accelerometer data to recognize different activities. He also suggested a program developed with Zeiss for visually prompting workers as they performed tasks. In testing, it was 50% faster than text instructions and 30% faster than voice.

One of the more bizarre/interesting ideas we saw was a phone locator based on resonance (PDF). Designed for a Symbian device, it would play a sound and then record the result that had been modified by the surroundings. Each surface had its own signature so you could query the phone and it would report where it was i.e. on the desk, on the sofa, in the drawer. This resonance sampling can also be employed using the vibration motor.

The final point [Kai] touched on was privacy. If you’re wearing a sensor, you’re potentially giving away personal data. He showed an example of how systems could be designed to keep this information to users. The first part was a camera recording the movement of people in a room. It could identify where the faces were, but not who they were. One of the participants had an accelerometer recording their movements. That user could use the camera’s data to figure out his own movement in the space by correlating the data, but no one else would see the full picture.

The 25th Chaos Communication Congress is underway in Berlin. One of the first talks we dropped in on was [script]‘s Solar-powering your Geek Gear. While there are quite a few portable solar products on the market, we haven’t seen much in the way of real world experience until now.

[script] selected a four segment folding solar panel after some research. He pointed out that solar is currently more of a necessity technology than money saving since the panels can be very expensive. For connectors, he recommended ones that were safe, polarized, and difficult to short, like the RIA connect 230 series he used. Most of the device plugs were easily purchasable, but some had to be salvaged from old AC adapters. A key component of his setup was the adjustable voltage regulator. It’s based on the LTC3780 buck-boost controller which is 98% efficient and can be adjusted from 4V to 25V.

[script] covered some of the problems he ran into in use. The first was an Nokia that refused to charge until a resistor was added to reduce the current delivered. Less sensitive devices like portable peltier fridges will work without any issue. For laptop use, he ran into problems with demand spikes killing the power delivery. He added a large cap normally used in car audio systems to make power delivery more consistent. Laptops can consume as little as 15W during normal use, but when they’re charging the battery, the draw can jump to 50W. On his ThinkPad, he was able to turn off charging to prevent this. He monitored the performance of the panel by building a Kill A Watt style device using an ATmega8 to measure current and voltage and log it to EEPROM.

In conclusion, [script] stated that he was happy with his experience, but that it was still impractical to use the portable panel in anything other than direct sunlight.

With another hacker conference looming in front of us, it’s time to start thinking about hardware security. Hacker conventions have the most hostile network you’ll ever encounter. [Security4all] points out that 25C3 already has an extensive page on securing your hardware. It starts from the ground up with physical security, BIOS passwords, and locking down bootloaders. There’s a section on securing your actual OS and session. Finally, they cover network usage. It mentions using SSH for dynamic forwarding, which we feel is a skill everyone should have. We’ve used it not just for security, but for bypassing brainless bandwidth restrictions too. There’s also the more trick transparent version. Every piece of data you bring with you, you risk losing, so they actually recommend just wiping your iPhone and other devices before attending. It’s important to remember that it’s not just your own data at risk, but everyone/thing you communicate with as well.

Capture the Flag (CTF) is a long running tradition at hacker conventions. It pits teams of security researchers against each other on the same network. Every team gets an identical virtual machine image. The VM has a set of custom written services that are known to be vulnerable. The teams work to secure their image while simultaneously exploiting services on the machines of other teams. A scoring server monitors the match as it progresses and awards points to teams for keeping their services up and also for stealing data from their competitors.

The Chaos Communication Congress in Berlin December 27-30, 2008 will host a CTF competition. Most CTF matches are done head to head in the same room. While 25C3 will have local teams, it will also be wide open for international teams to compete remotely. Remote teams will host their own images on a VPN with the other competitors. Now is a good time to register and familiarize yourself with the scoring system. It will certainly be interesting to see how this competition plays out now that teams that can’t make the trip can still compete.