10 disturbing attacks at Black Hat USA 2014

Attacking car systems, Google Glass for password theft, using free cloud trials to launch botnets, more.

Black Hat 2014: Is nothing safe?

USING GOOGLE GLASS TO SNATCH PASSWORDS

An application records video of victims tapping passwords into touchscreens and analyzes the footage to steal the passwords with 90% accuracy from three meters. It works with Google Glass. Researchers Xinwen Fu and Qinggang Yue of UMass Lowell and Zhen Ling of Southeast University track the movement of the fingertip and use its position to recognize the input, taking shadows, optical flow and other factors into account. Passwords can be stolen even if the person behind the camera can’t read the victim’s screen with the naked eye.

PRACTICAL ATTACK AGAINST VIRTUAL DESKTOPS

Virtual desktop infrastructure is often touted as a way to make BYOD programs safer by centralizing applications and data and providing end users with only presentations of them. But Daniel Brodie and Michael Shaulov of Lacoon Mobile Security will demonstrate a proof-of-concept attack against VDI that they say is not only feasible but also efficient. It involves screen scraping to steal data while remaining undetectable. As they describe it: “While keeping the espionage activity invisible both from client-side and server-side malware detection measures, the attacker can automate the process and ultimately render the VDI solution ineffective.”

ABUSING MICROSOFT KERBEROS

Here’s the abstract for this session by researchers Alva “Skip” Duckwall and Benjamin Delpy: “Microsoft Active Directory uses Kerberos to handle authentication requests by default. However, if the domain is compromised, how bad can it really be? With the loss of the right hash, Kerberos can be completely compromised for years after the attacker gained access. Yes, it really is that bad.” They’ll demonstrate such a compromise in real-world conditions.

REMOTE ATTACKS AGAINST CARS

Car makers don’t have consistent designs, so there are no broad, general ways to remotely exploit vulnerabilities against them. This talk by experts Charlie Miller of Twitter and Christopher Valasek of IOActive looks at the networking in cars from a large number of manufacturers from a security perspective. They try to answer these questions: Are some cars more secure from remote compromise than others? Has automotive network security changed for the better (or worse) in the last five years? What does the future of automotive security hold and how can we protect our vehicles from attack moving forward?

STEALING DATA FROM POINT-OF-SALE DEVICES

Point-of-sale breaches such as the one that rocked Target occurred more frequently in the past year, and many organizations are still vulnerable to the simplest exploits. Nir Valtman, Enterprise Security Architect of NCR Retail, will show how memory scraping is a big threat that is difficult to solve. He will show how to minimize the threat, discuss real-world methods that have been tried but don’t work, and suggest ones that can.

USB STICK MALWARE

USB sticks contain controller chips that can be compromised and lead to taking over host machines, stealing data and spying on users, according to independent researcher Karsten Nohl and Jakob Lell of SRLabs. These sticks can also spoof other devices. Their talk introduces a new form of malware operating from these reprogrammed chips and includes a demo of fully compromising a system with a self-replicating virus that is undetectable with current defenses. They suggest better ways to protect USB sticks.

HACKING MOBILE PROVIDERS’ CONTROL CODE

Providers hide control code on cellular devices in order to facilitate service, but that code can be exploited, say Mathew Solnik and Marc Blanchou, researchers with Accuvant Labs. They will disclose how to execute code over-the-air against these control platforms and show the impact on end users. They plan to release tools to assess and protect against the threats they expose in GSM, CDMA and LTE network control protocols affecting Android, iOS and Blackberry devices.

USE FREE CLOUD SERVICE TRIALS TO LAUNCH BOTNETS

Rob Ragan and Oscar Salazar, security associates at Bishop Fox, tell how they amassed computing power from free trials of cloud services. Here’s what they say: “What happens when computer criminals start using friendly cloud services for malicious activities? In this presentation, we explore how to (ab)use free trials to get access to vast amounts of computing power, storage, and pre-made hacking environments. Oh! Also, we violate the hell out of some terms of service… We managed to build this cloud-based botnet all for the low cost of $0 and semi-legally. This botnet doesn't get flagged as malware, blocked by web filters, or get taken over. This is the stuff of nightmares!”

MOBILE DEVICE MISMANAGEMENT

Mobile Device Management software has access to a broad range of data that can be compromised by exploiting flaws in MDM products. Stephen Breen, a researcher at NTT COM Security, shows how to do it and provides an overview of the vulnerabilities that allow the exploits. Some, he says, are common across a number of commercial MDM products.

DIRTY LITTLE SECRETS CRYPTOGRAPHERS DON'T WANT YOU TO KNOW

Based on their Crypto Challenge, researchers Thomas Ptacek and Alex Balducci at Matasano Security will run through 48 attacks against realistic cryptographic constructions and explain how they can result in flaws in real-world software. They will also create a Rosetta Code site where known cryptographic exploits will be posted in several coding languages in order to give security pros a leg up on recognizing attacks.