This Week In Security: DEF CON, Intel Leaks, Snapdragon, And A Robot Possessed

Last weekend, DEF CON held their “SAFE MODE” conference: instead of meeting at a physical venue, the entire conference was held online. All the presentations are available on the official DEF CON YouTube channel. We’ll cover a few of the presentations here, and watch out for other articles on HaD with details on the other talks that we found interesting.

Popcorn Pocket P. C. Open Sourced

If you miss the days you could get an organizer that would — sort of — run Linux, you might be interested in Popcorn Computer’s Pocket P. C., which was recently open-sourced on GitHub. Before you jump over to build one, though, there are a few things you should know.

First, the files are untested since the first unit hasn’t shipped yet. In addition, while the schematic looks pretty complete, there’s no actual bill of materials and the PCB layers in the PDF file might not be very easy to replicate, since they are just a series of images, one for each layer. You can see an overview video of the device, below.


Separation Between WiFi And Bluetooth Broken By The Spectra Co-Existence Attack

This year, at DEF CON 28 Safe Mode, security researchers [Jiska Classen] and [Francesco Gringoli] gave a talk about inter-chip privilege escalation using wireless coexistence mechanisms. The title is catchy, sure, but what exactly is this about?

To understand this security flaw, or group of security flaws, we first need to know what wireless coexistence mechanisms are. Modern devices can support cellular and non-cellular wireless communications standards at the same time (LTE, WiFi, Bluetooth). Given the desired miniaturization of our devices, the different subsystems that support these communication technologies must reside in very close physical proximity within the device (in-device coexistence). The resulting high level of reciprocal leakage can at times cause considerable interference.

There are several scenarios where interference can occur. The main ones are:

  • Two radio systems occupy neighboring frequencies and carrier leakage occurs
  • The harmonics of one transmitter fall on frequencies used by another system
  • Two radio systems share the same frequencies

To tackle these kinds of problems, manufacturers had to implement strategies so that a device’s wireless chips can coexist (sometimes even sharing the same antenna) and reduce interference to a minimum. These strategies are called coexistence mechanisms. They enable high-performance communication on intersecting frequency bands, and thus they are essential to any modern mobile device. Although open solutions exist, such as the Mobile Wireless Standards, manufacturers usually implement proprietary solutions.

Spectra

Spectra is a new attack class demonstrated in this DEF CON talk, which is focused on Broadcom and Cypress WiFi/Bluetooth combo chips. On a combo chip, WiFi and Bluetooth run on separate processing cores, and coexistence information is exchanged directly between the cores using the Serial Enhanced Coexistence Interface (SECI) without going through the underlying operating system.

Spectra class attacks exploit flaws in the interfaces between wireless cores, through which one core can achieve denial of service (DoS), information disclosure and even code execution on another core. The reasoning here, from an attacker’s perspective, is to leverage a Bluetooth subsystem remote code execution (RCE) to perform WiFi RCE and maybe even LTE RCE. Keep in mind that this remote code execution is happening in these CPU core subsystems, and so can be completely invisible to the main device CPU and OS.

Join me below where the talk is embedded and where I will also dig into the denial of service, information disclosure, and code execution topics of the Spectra attack.


This Week In Security: Garmin Ransomware, KeePass, And Twitter Warnings

On July 23, multiple services related to Garmin were taken offline, including their call center and aviation-related services. Thanks to information leaked by Garmin employees, we know that this multi-day outage was caused by the WastedLocker ransomware campaign. After four days, Garmin was able to start the process of restoring the services.

It’s reported that the requested ransom was an eye-watering $10 million. It’s suspected that Garmin actually paid the ransom. A leaked decryptor program confirms that they received the decryption key. The attack was apparently very widespread through Garmin’s network, as it seems that both workstations and public-facing servers were impacted. Let’s hope Garmin learned their lesson, and are shoring up their security practices.

Proteus, The Shape-Shifting And Possibly Non-Cuttable Material

How cool would it be if there was a material that couldn’t be cut or drilled into? You could make the baddest bike lock, the toughest-toed work boots, or the most secure door. Really, the list of possibilities just goes on and on.

Proteus chews through an angle grinder disc in seconds.

Researchers from the UK and Germany claim that they’ve created such a magical material. It can destroy angle grinder discs, resist drill bits, and widen the streams of water jet cutters.

The material is made of aluminium foam that’s embedded with a bunch of small ceramic spheres. It works by inducing retaliatory vibrations into the cutting tools, which turns the tools’ force back on themselves and quickly dulls their edges.

The creators have named the material Proteus after the elusive and shape-shifting prophet of Greek mythology who would only share his visions of the future with those who could get their arms around him and keep him still. It sounds like this material could give Proteus a run for his money.

The ceramic spheres themselves aren’t indestructible, but they’re not supposed to be. Abrading the spheres only makes Proteus stronger. As the cutting tool contacts them, they’re crushed into dust that fills the voids in the aluminium foam, strengthening the material’s destructive vibratory effect. The physical inspiration for Proteus comes from protective hierarchical structures in nature, like the impact-resistant rind of grapefruit and the tendency of abalone shells to resist fracture under the impact of shark teeth.

How It’s Made

Proteus recipe in pictures.

At this point, Proteus is a proof of concept. Adjustments would likely have to be made before it can be produced at any type of scale. Even so, the recipe seems pretty straightforward. First, an aluminium alloy powder is mixed with a foaming agent. Then the mixture is cold compacted in a compressor and extruded in dense rods. The rods are cut down to size and then arranged along with the ceramic spheres in a layered grid, like a metallurgical lasagna.

The grid is spot-welded into a steel box and then put into a furnace for 15-20 minutes. Inside the furnace, the foaming agent releases hydrogen gas, which introduces voids into the aluminium foam and gives it a cellular structure.

Effects of cutting into a cylinder of Proteus with an angle grinder.

According to their paper, the researchers tried to penetrate the material with an angle grinder, a water jet cutter, and a drill. Of these, the drill has the best chance of getting through because the small point of contact can find gaps more easily, so it’s less likely to hit a ceramic sphere. The researchers also made cylindrical samples without steel cladding which they used to test the compressive strength and prove Proteus’ utility as a structural material for beams and columns. It didn’t fare well initially, but became less compressible as the foam matrix collapsed.

The creation process lends some leeway for customization, because the porosity of the aluminium foam can be varied by changing the bake time. As for the drill bit problem, tightening up security is as easy as adjusting the size and/or density of the ceramic spheres.

In the video after the break, you can watch a chunk of Proteus eat up an angle grinder disc in under a minute. Some may argue about the tool wielder’s technique, but we think there’s something to be said for any material that can destroy a cutting disc that fast. They don’t claim that Proteus is completely impenetrable, but it does look impressive. We wish they would have tried more cutting tools like a gas torch, or experimented with other destructive techniques, like plastic explosives, but we suppose that research budgets only go so far.


William English, Computer Mouse Co-Creator, Has Passed

We are saddened to report that William English, co-inventor of the computer mouse, died July 26 in San Rafael, California. He was 91 years old.

Bill at the controls at Stanford Research Institute. Image via MSN

Every piece of technology starts with a vision, a vague notion of how a thing could or should be. The computer mouse is no different. In fact, the mouse was built to be an integral part of the future of personal computing — a shift away from punch cards and mystery toward a more accessible and user-friendly system of windowed data display, hyperlinks, videoconferencing, and more. And all of it would be commanded by a dot on the screen moving in sync with the operator’s intent, using a piece of hardware controlled by the hand.

The stuff of science fiction becomes fact anytime someone has the means to make it so. Oftentimes the means includes another human being, an intellectual complement who can conjure the same rough vision and fill in the gaps. For Douglas Engelbart’s vision of the now-ubiquitous computer mouse, that person was William English.

William English was born January 27, 1929 in Lexington, Kentucky. His father was an electrical engineer and William followed this same path after graduating from a ranch-focused boarding school in Arizona. After a stint in the Navy, he took a position at Stanford Research Institute in California, where he met Douglas Engelbart.

The first computer mouse, built by William English in the 1960s. Image via Wikipedia

Engelbart showed William his notes and drawings, and he built the input device that Engelbart envisioned — one that could select characters and words on the screen and revolutionize text editing. The X/Y Position Indicator, soon and ever after called the mouse: a sort of rough-yet-sleek pinewood derby car of an input device headed into the future of personal computing.

William’s mouse was utilitarian: a wooden block with two perpendicular wheels on the bottom, and a pair of potentiometers inside to interpret the wheels’ X and Y positions. The analog inputs are converted to digital and represented on the screen. The first mouse had a single button, and the cord was designed to run out the bottom, not the top.


This Week In Security: Twilio, PongoTV, And BootHole

Twilio, the cloud provider for all things telecom, had an embarrassing security fail a couple weeks ago. The problem was the Amazon S3 bucket that Twilio was using to host part of their public-facing content. The bucket was configured for public read-write access. Anyone could use the Amazon S3 API to make changes to the files stored there.

The files in question were protected behind Cloudflare’s CDN, but there’s a catch to Cloudflare’s service. If you know the details of the service behind Cloudflare, it can often be interacted with directly. In many cases, knowing the IP address of the server being protected is enough to bypass Cloudflare altogether. In this case, the service behind the CDN is Amazon’s S3. Any changes made to the files there are picked up by the CDN.

Someone discovered the insecure bucket, and modified a JavaScript file that is distributed as part of the Twilio JS SDK. That modification was initially described as “non-malicious”, but in the official incident report, Twilio states that the injected code is part of an ongoing Magecart campaign carried out against misconfigured S3 buckets.